VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0308CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software…

  • CVE-2018-0304CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.09

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The…

  • CVE-2018-0321CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An…

  • CVE-2018-0320CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker…

  • CVE-2018-0319CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery…

  • CVE-2018-0318CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An…

  • CVE-2018-0315CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.08

    A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of…

  • CVE-2018-0271CriMay 17, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests.…

  • CVE-2018-0253CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.07

    A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level.…

  • CVE-2018-0175HigKEVMar 28, 2018
    risk 0.64cvss 8.0epss 0.04

    Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with…

  • CVE-2018-0150CriMar 28, 2018
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The…

  • CVE-2018-0130CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static…

  • CVE-2018-0124CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application…

  • CVE-2018-0121CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected…

  • CVE-2017-12337CriNov 16, 2017
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a…

  • CVE-2017-12236CriSep 29, 2017
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to…

  • CVE-2017-12229CriSep 29, 2017
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient…

  • CVE-2017-6747CriAug 7, 2017
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally…

  • CVE-2017-9521CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…

  • CVE-2017-9483CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.

  • CVE-2017-9482CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then…

  • CVE-2017-9479CriJul 31, 2017
    risk 0.64cvss 9.8epss 0.03

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying…

  • CVE-2017-11589CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.01

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd,…

  • CVE-2017-11588CriJul 24, 2017
    risk 0.64cvss 9.8epss 0.04

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi…

  • CVE-2017-6714CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit…

  • CVE-2017-6713CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between…

  • CVE-2017-6709CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability…

  • CVE-2017-6708CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to…

  • CVE-2017-6667CriJun 13, 2017
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information:…

  • CVE-2017-3834CriApr 6, 2017
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default…

  • CVE-2017-3853CriMar 22, 2017
    risk 0.64cvss 9.8epss 0.09

    A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an…

  • CVE-2017-3831CriMar 15, 2017
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of…

  • CVE-2017-3792CriFeb 1, 2017
    risk 0.64cvss 9.8epss 0.07

    A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper…

  • CVE-2016-9223CriDec 26, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all…

  • CVE-2016-6452CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2…

  • CVE-2016-6448CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to…

  • CVE-2016-6447CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting Server releases prior to 2.0.1, Acano Server releases prior…

  • CVE-2016-6441CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services…

  • CVE-2016-6397CriOct 28, 2016
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to…

  • CVE-2016-1453CriOct 6, 2016
    risk 0.64cvss 9.8epss 0.08

    Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

  • CVE-2016-6406CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to…

  • CVE-2016-6374CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

  • CVE-2016-1473CriSep 2, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.

  • CVE-2016-1416CriJul 2, 2016
    risk 0.64cvss 9.8epss 0.05

    Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.

  • CVE-2016-1289CriJul 2, 2016
    risk 0.64cvss 9.8epss 0.06

    The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device…

  • CVE-2016-1395CriJun 19, 2016
    risk 0.64cvss 9.8epss 0.05

    The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID…

  • CVE-2016-1388CriJun 3, 2016
    risk 0.64cvss 9.8epss 0.02

    Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP…

  • CVE-2016-1387CriMay 5, 2016
    risk 0.64cvss 9.8epss 0.02

    The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make…

  • CVE-2016-1363CriApr 21, 2016
    risk 0.64cvss 9.8epss 0.06

    Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.

  • CVE-2016-1352CriApr 14, 2016
    risk 0.64cvss 9.8epss 0.02

    Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.

Page 3 of 145