Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2017-6750 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static…

  • CVE-2017-6672 · High · Jul 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More…

  • CVE-2017-11587 · High · Jul 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.

  • CVE-2017-6731 · High · Jul 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP…

  • CVE-2017-6729 · High · Jul 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an…

  • CVE-2017-6678 · High · Jun 26, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to…

  • CVE-2017-6681 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known…

  • CVE-2017-6680 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.

  • CVE-2017-6674 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1…

  • CVE-2017-6671 · High · Jun 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632.…

  • CVE-2017-6648 · High · Jun 8, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS)…

  • CVE-2017-6653 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or…

  • CVE-2017-6641 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a…

  • CVE-2017-6633 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An…

  • CVE-2017-6632 · High · May 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.…

  • CVE-2017-6652 · High · May 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…

  • CVE-2017-6621 · High · May 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient…

  • CVE-2017-6658 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.

  • CVE-2017-6657 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether…

  • CVE-2017-6651 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx…

  • CVE-2017-3876 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker…

  • CVE-2017-3873 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.…

  • CVE-2017-3825 · High · May 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The…

  • CVE-2017-3808 · High · Apr 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…

  • CVE-2017-3832 · High · Apr 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the…

  • CVE-2016-9219 · High · Apr 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker…

  • CVE-2017-3859 · High · Mar 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when…

  • CVE-2017-3857 · High · Mar 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to…

  • CVE-2017-3856 · High · Mar 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is…

  • CVE-2017-3851 · High · Mar 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the…

  • CVE-2017-3826 · High · Mar 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service…

  • CVE-2017-3841 · High · Feb 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).

  • CVE-2017-3830 · High · Feb 22, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.

  • CVE-2016-9212 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security…

  • CVE-2016-9211 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.

  • CVE-2016-9210 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2).…

  • CVE-2016-9205 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known…

  • CVE-2016-9203 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known…

  • CVE-2016-9201 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases:…

  • CVE-2016-9198 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199).

  • CVE-2016-9193 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco…

  • CVE-2016-6469 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known…

  • CVE-2016-6467 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552.…

  • CVE-2016-6464 · High · Dec 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases:…

  • CVE-2016-6466 · High · Nov 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This…

  • CVE-2016-6460 · High · Nov 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco…

  • CVE-2016-6458 · High · Nov 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be…

  • CVE-2016-6455 · High · Nov 3, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS)…

  • CVE-2016-6372 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to…

  • CVE-2016-6360 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting.…
