Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0415 · Med · Aug 15, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to…

  • CVE-2018-0342 · Med · Jul 18, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2018-0294 · Med · Jun 20, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not…

  • CVE-2018-0352 · Med · Jun 7, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level…

  • CVE-2018-0324 · Med · May 17, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI…

  • CVE-2018-0275 · Med · Apr 19, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this…

  • CVE-2018-0184 · Med · Mar 28, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected…

  • CVE-2018-0183 · Med · Mar 28, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected…

  • CVE-2018-0224 · Med · Mar 8, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to…

  • CVE-2018-0221 · Med · Mar 8, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid…

  • CVE-2018-0217 · Med · Mar 8, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of…

  • CVE-2018-0115 · Med · Jan 18, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient…

  • CVE-2018-0088 · Med · Jan 18, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial…

  • CVE-2017-12352 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host…

  • CVE-2017-12342 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature.…

  • CVE-2017-12341 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation…

  • CVE-2017-12334 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation…

  • CVE-2017-12333 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker…

  • CVE-2017-12331 · Med · Nov 30, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local…

  • CVE-2017-12313 · Med · Nov 16, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the…

  • CVE-2017-12312 · Med · Nov 16, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current…

  • CVE-2017-12305 · Med · Nov 16, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this…

  • CVE-2017-12317 · Med · Oct 22, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection…

  • CVE-2017-12301 · Med · Oct 19, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient…

  • CVE-2017-12239 · Med · Sep 29, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability…

  • CVE-2017-12255 · Med · Sep 21, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could…

  • CVE-2017-6796 · Med · Sep 7, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The…

  • CVE-2017-6794 · Med · Sep 7, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.…

  • CVE-2017-6790 · Med · Aug 17, 2017
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP…

  • CVE-2017-6773 · Med · Aug 17, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due…

  • CVE-2017-9497 · Med · Jul 31, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route.

  • CVE-2017-9496 · Med · Jul 31, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address.

  • CVE-2017-6748 · Med · Jul 25, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials.…

  • CVE-2017-6735 · Med · Jul 10, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.

  • CVE-2017-6732 · Med · Jul 10, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2.…

  • CVE-2017-6719 · Med · Jul 4, 2017
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed…

  • CVE-2017-6718 · Med · Jul 4, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT.

  • CVE-2017-6628 · Med · May 3, 2017
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while…

  • CVE-2017-6598 · Med · Apr 7, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary…

  • CVE-2016-9197 · Med · Apr 7, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351.…

  • CVE-2016-9196 · Med · Apr 7, 2017
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for…

  • CVE-2017-3824 · Med · Feb 3, 2017
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running…

  • CVE-2017-3812 · Med · Feb 3, 2017
    risk 0.44 · cvss 6.8 · epss 0.03

    A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information:…

  • CVE-2016-1320 · Med · Feb 12, 2016
    risk 0.44 · cvss 6.7 · epss 0.00

    The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.

  • CVE-2025-24198 · Med · Mar 31, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive…

  • CVE-2018-0371 · Med · Jun 21, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this…

  • CVE-2018-0229 · Med · Apr 19, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD)…

  • CVE-2017-6758 · Med · Aug 7, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient…

  • CVE-2017-6637 · Med · May 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.08

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform…

  • CVE-2017-6636 · Med · May 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper…
