Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0197 · Med · Oct 5, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The…

  • CVE-2018-0391 · Med · Aug 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could…

  • CVE-2018-0393 · Med · Jul 18, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker…

  • CVE-2018-0331 · Med · Jun 21, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability…

  • CVE-2018-0299 · Med · Jun 21, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The…

  • CVE-2018-0291 · Med · Jun 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper…

  • CVE-2018-0323 · Med · May 17, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request…

  • CVE-2018-0285 · Med · May 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain…

  • CVE-2018-0278 · Med · May 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker…

  • CVE-2018-0267 · Med · Apr 19, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables…

  • CVE-2018-0163 · Med · Mar 28, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into…

  • CVE-2018-0140 · Med · Feb 8, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is…

  • CVE-2017-12373 · Med · Dec 15, 2017
    risk 0.42 · cvss 5.9 · epss 0.13

    A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An…

  • CVE-2017-6679 · Med · Dec 1, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote…

  • CVE-2017-12364 · Med · Nov 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used…

  • CVE-2017-12362 · Med · Nov 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular…

  • CVE-2017-12359 · Med · Nov 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email…

  • CVE-2017-12274 · Med · Nov 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting…

  • CVE-2017-12273 · Med · Nov 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of…

  • CVE-2017-12268 · Med · Oct 5, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy…

  • CVE-2017-12256 · Med · Oct 5, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling…

  • CVE-2017-12222 · Med · Sep 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2010-3050 · Med · Sep 25, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

  • CVE-2017-6720 · Med · Sep 21, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper…

  • CVE-2017-6793 · Med · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An…

  • CVE-2017-6792 · Med · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and…

  • CVE-2017-12225 · Med · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication…

  • CVE-2017-12224 · Med · Sep 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect…

  • CVE-2017-12223 · Med · Sep 7, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to…

  • CVE-2017-6778 · Med · Aug 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET…

  • CVE-2017-6759 · Med · Aug 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this…

  • CVE-2017-6754 · Med · Aug 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the…

  • CVE-2017-6665 · Med · Aug 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within…

  • CVE-2012-5030 · Med · Aug 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.

  • CVE-2017-9477 · Med · Jul 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi…

  • CVE-2017-9476 · Med · Jul 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version…

  • CVE-2017-6704 · Med · Jul 4, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335.…

  • CVE-2017-6697 · Med · Jun 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6691 · Med · Jun 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).

  • CVE-2017-6673 · Med · Jun 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed…

  • CVE-2017-6655 · Med · Jun 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects…

  • CVE-2017-6614 · Med · Apr 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of…

  • CVE-2017-6606 · Med · Apr 7, 2017
    risk 0.42 · cvss 6.4 · epss 0.01

    A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639…

  • CVE-2017-6603 · Med · Apr 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366.…

  • CVE-2017-3884 · Med · Apr 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to…

  • CVE-2016-9194 · Med · Apr 6, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input…

  • CVE-2017-3880 · Med · Mar 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1…

  • CVE-2017-3877 · Med · Mar 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information:…

  • CVE-2017-3811 · Med · Mar 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases:…

  • CVE-2017-3820 · Med · Feb 3, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected…
