Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2005-3803 · Hig · Nov 24, 2005
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

  • CVE-2005-2181 · Hig · Jul 11, 2005
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2002-1706 · Hig · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature,…

  • CVE-2026-20051 · Hig · Feb 25, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is…

  • CVE-2026-20033 · Hig · Feb 25, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation when processing specific Ethernet…

  • CVE-2026-20010 · Hig · Feb 25, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to…

  • CVE-2020-37167 · Hig · Feb 12, 2026
    risk 0.48 · cvss 8.4 · epss 0.00

    ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially…

  • CVE-2025-43520 · Med · KEV · Dec 12, 2025
    risk 0.48 · cvss 5.5 · epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may…

  • CVE-2025-20311 · Hig · Sep 24, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to…

  • CVE-2025-20340 · Hig · Sep 10, 2025
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device. This vulnerability is…

  • CVE-2025-20241 · Hig · Aug 27, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS…

  • CVE-2025-31238 · Hig · May 12, 2025
    risk 0.48 · cvss 7.3 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2025-20191 · Hig · May 7, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2025-20111 · Hig · Feb 26, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service…

  • CVE-2021-1285 · Hig · Nov 18, 2024
    risk 0.48 · cvss 7.4 · epss 0.03

    Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error…

  • CVE-2024-20318 · Hig · Mar 13, 2024
    risk 0.48 · cvss 7.4 · epss 0.00

    A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling…

  • CVE-2018-15373 · Hig · Oct 5, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The…

  • CVE-2018-0475 · Hig · Oct 5, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input…

  • CVE-2018-0471 · Hig · Oct 5, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect…

  • CVE-2018-0434 · Hig · Oct 5, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by…

  • CVE-2018-0422 · Hig · Oct 5, 2018
    risk 0.48 · cvss 7.3 · epss 0.01

    A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder…

  • CVE-2018-0263 · Hig · Jun 7, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal…

  • CVE-2018-0235 · Hig · May 2, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is…

  • CVE-2018-0241 · Hig · Apr 19, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that…

  • CVE-2018-0165 · Hig · Mar 28, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory…

  • CVE-2018-0102 · Hig · Jan 18, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same…

  • CVE-2017-12275 · Hig · Nov 2, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service…

  • CVE-2014-0691 · Hig · Oct 24, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

  • CVE-2017-3849 · Hig · Mar 21, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service…

  • CVE-2016-6474 · Hig · Dec 14, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases:…

  • CVE-2016-6453 · Hig · Nov 3, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).

  • CVE-2016-6435 · Med · Oct 6, 2016
    risk 0.48 · cvss 6.5 · epss 0.37

    The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.

  • CVE-2016-1392 · Hig · May 5, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

  • CVE-2016-1389 · Hig · Apr 28, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.

  • CVE-2015-6336 · Hig · Jan 15, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.

  • CVE-2026-43656 · Hig · May 11, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Parsing a maliciously crafted file may lead to an unexpected app…

  • CVE-2026-43655 · Hig · May 11, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.

  • CVE-2026-20035 · Hig · May 6, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit…

  • CVE-2026-20151 · Hig · Apr 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An…

  • CVE-2026-20122 · Med · KEV · Feb 25, 2026
    risk 0.47 · cvss 5.4 · epss 0.07

    A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected…

  • CVE-2018-15431 · Hig · Oct 5, 2018
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates…

  • CVE-2018-15430 · Hig · Oct 5, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability…

  • CVE-2018-0440 · Hig · Oct 5, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user…

  • CVE-2018-0348 · Hig · Jul 18, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2018-0344 · Hig · Jul 18, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due…

  • CVE-2018-0300 · Hig · Jun 21, 2018
    risk 0.47 · cvss 7.2 · epss 0.07

    A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or…

  • CVE-2018-0116 · Hig · Feb 8, 2018
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to…

  • CVE-2017-6746 · Hig · Jul 25, 2017
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco…

  • CVE-2017-3796 · Hig · Jan 26, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.

  • CVE-2016-6373 · Hig · Sep 22, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.

Page 17 of 145