Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0176 · High · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to…

  • CVE-2018-0169 · High · Mar 28, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to…

  • CVE-2017-12319 · Medium · KEV · Mar 27, 2018
    risk 0.51 · cvss 5.9 · epss 0.05

    A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt…

  • CVE-2017-5829 · High · Feb 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2018-0095 · High · Jan 18, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a…

  • CVE-2018-0103 · High · Jan 4, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email…

  • CVE-2017-12314 · High · Nov 16, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The…

  • CVE-2017-12261 · High · Nov 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user…

  • CVE-2017-12252 · High · Sep 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application…

  • CVE-2017-6768 · High · Aug 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom…

  • CVE-2017-6669 · High · Jun 26, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch…

  • CVE-2017-6638 · High · Jun 8, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to…

  • CVE-2017-6650 · High · May 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of…

  • CVE-2017-6649 · High · May 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An…

  • CVE-2017-6623 · High · May 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers…

  • CVE-2017-6600 · High · Apr 7, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More…

  • CVE-2017-6597 · High · Apr 7, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection…

  • CVE-2016-9215 · High · Dec 14, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.

  • CVE-2016-9192 · High · Dec 14, 2016
    risk 0.51 · cvss 7.8 · epss 0.03

    A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information:…

  • CVE-2016-6470 · High · Dec 14, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0.

  • CVE-2016-6449 · High · Dec 14, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes…

  • CVE-2016-6430 · High · Nov 3, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases:…

  • CVE-2016-6428 · High · Oct 6, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.

  • CVE-2016-6413 · High · Sep 24, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.

  • CVE-2016-6414 · High · Sep 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.

  • CVE-2016-6402 · High · Sep 18, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

  • CVE-2016-6369 · High · Aug 25, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

  • CVE-2016-6362 · High · Aug 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.

  • CVE-2016-1456 · High · Jul 15, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.

  • CVE-2016-1420 · High · Jun 10, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

  • CVE-2016-1418 · High · Jun 8, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.

  • CVE-2016-1403 · High · Jun 4, 2016
    risk 0.51 · cvss 7.8 · epss 0.01

    Cisco IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.

  • CVE-2016-1390 · High · Jun 4, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID…

  • CVE-2016-4349 · High · Apr 28, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file…

  • CVE-2016-1339 · High · Apr 16, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.

  • CVE-2013-7030 · High · Dec 12, 2013
    risk 0.51 · cvss 7.3 · epss 0.05

    The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE:…

  • CVE-2009-2055 · Medium · KEV · Aug 19, 2009
    risk 0.51 · cvss 5.9 · epss 0.03

    Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

  • CVE-2008-1246 · High · Mar 10, 2008
    risk 0.51 · cvss 7.8 · epss 0.00

    The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character.…

  • CVE-2004-1464 · Medium · KEV · Dec 31, 2004
    risk 0.51 · cvss 5.9 · epss 0.05

    Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

  • CVE-2026-20185 · High · May 6, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2026-20167 · High · May 6, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker…

  • CVE-2026-20105 · High · Mar 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory…

  • CVE-2026-20100 · High · Mar 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Lua interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause…

  • CVE-2026-20049 · High · Mar 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an…

  • CVE-2026-20014 · High · Mar 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services…

  • CVE-2026-20048 · High · Feb 25, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…

  • CVE-2025-20327 · High · Sep 24, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this…

  • CVE-2025-20312 · High · Sep 24, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when…

  • CVE-2025-20244 · High · Aug 14, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload…

  • CVE-2025-20192 · High · May 7, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploit this vulnerability. …

Page 11 of 145