Cisco Systems, Inc.

All CVEs

7,230 total · sorted by risk
  • CVE-2021-1480 · High · Apr 8, 2021
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-1479 · High · Apr 8, 2021
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-1137 · High · Apr 8, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-1442 · High · Mar 24, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to…

  • CVE-2021-1392 · High · Mar 24, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability…

  • CVE-2021-1366 · High · Feb 17, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the…

  • CVE-2021-1370 · High · Feb 4, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this…

  • CVE-2021-1219 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could…

  • CVE-2021-1280 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker…

  • CVE-2021-1263 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1262 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1261 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1260 · High · Jan 20, 2021
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1237 · High · Jan 13, 2021
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have…

  • CVE-2020-3367 · High · Nov 18, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to…

  • CVE-2020-3604 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3603 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.03

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3600 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an…

  • CVE-2020-3595 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could…

  • CVE-2020-3594 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted…

  • CVE-2020-3593 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted…

  • CVE-2020-3573 · High · Nov 6, 2020
    risk 0.51 · cvss 7.8 · epss 0.03

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3459 · High · Oct 21, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could…

  • CVE-2020-3455 · High · Oct 21, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by…

  • CVE-2020-3535 · High · Oct 8, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The…

  • CVE-2020-3404 · High · Sep 24, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability…

  • CVE-2020-3403 · High · Sep 24, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC…

  • CVE-2019-15287 · High · Sep 23, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15285 · High · Sep 23, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15283 · High · Sep 23, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2020-3473 · High · Sep 4, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to…

  • CVE-2020-3394 · High · Aug 27, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this…

  • CVE-2020-3388 · High · Jul 16, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…

  • CVE-2020-3380 · High · Jul 16, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the…

  • CVE-2020-3379 · High · Jul 16, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3180 · High · Jul 16, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a…

  • CVE-2019-16011 · High · Apr 29, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3249 · High · Apr 15, 2020
    risk 0.51 · cvss 7.5 · epss 0.23

    Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the…

  • CVE-2020-3240 · High · Apr 15, 2020
    risk 0.51 · cvss 7.3 · epss 0.39

    Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the…

  • CVE-2020-3194 · High · Apr 15, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a…

  • CVE-2020-3266 · High · Mar 19, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…

  • CVE-2020-3265 · High · Mar 19, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a…

  • CVE-2019-20326 · High · Mar 16, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

  • CVE-2020-3128 · High · Mar 4, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements…

  • CVE-2020-3127 · High · Mar 4, 2020
    risk 0.51 · cvss 7.8 · epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements…

  • CVE-2020-3173 · High · Feb 26, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input…

  • CVE-2020-3171 · High · Feb 26, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to…

  • CVE-2020-3167 · High · Feb 26, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2019-15980 · High · Jan 6, 2020
    risk 0.51 · cvss 7.2 · epss 0.50

    Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these…

  • CVE-2019-17388 · High · Dec 5, 2019
    risk 0.51 · cvss 7.8 · epss 0.01

    Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
