Cisco Systems, Inc.

All CVEs

7,229 total · sorted by risk
  • CVE-2020-3211 · High · Jun 3, 2020
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker…

  • CVE-2020-3184 · High · May 22, 2020
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface…

  • CVE-2020-3309 · High · May 6, 2020
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could…

  • CVE-2019-16005 · High · Jan 26, 2020
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management…

  • CVE-2019-12629 · High · Jan 26, 2020
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for…

  • CVE-2019-15985 · High · Jan 6, 2020
    risk 0.47 · cvss 7.2 · epss 0.03

    Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative…

  • CVE-2019-15979 · High · Jan 6, 2020
    risk 0.47 · cvss 7.2 · epss 0.03

    Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For…

  • CVE-2019-12690 · High · Oct 2, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to…

  • CVE-2019-1896 · High · Aug 21, 2019
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input…

  • CVE-2019-1885 · High · Aug 21, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2019-1871 · High · Aug 21, 2019
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device.…

  • CVE-2019-1850 · High · Aug 21, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have…

  • CVE-2019-1634 · High · Aug 21, 2019
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The…

  • CVE-2019-1944 · High · Aug 7, 2019
    risk 0.47 · cvss 7.3 · epss 0.00

    Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information…

  • CVE-2019-1894 · High · Jul 6, 2019
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to…

  • CVE-2019-1889 · High · Jul 4, 2019
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete…

  • CVE-2019-1861 · High · Jun 5, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit…

  • CVE-2019-1822 · High · May 16, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This…

  • CVE-2019-1862 · High · May 13, 2019
    risk 0.47 · cvss 7.2 · epss 0.06

    A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software…

  • CVE-2019-1859 · High · May 3, 2019
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the…

  • CVE-2019-1756 · High · Mar 28, 2019
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input.…

  • CVE-2018-15431 · High · Oct 5, 2018
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates…

  • CVE-2018-15430 · High · Oct 5, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability…

  • CVE-2018-0440 · High · Oct 5, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user…

  • CVE-2018-0348 · High · Jul 18, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2018-0344 · High · Jul 18, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due…

  • CVE-2018-0300 · High · Jun 21, 2018
    risk 0.47 · cvss 7.2 · epss 0.07

    A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or…

  • CVE-2018-0116 · High · Feb 8, 2018
    risk 0.47 · cvss 7.2 · epss 0.01

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to…

  • CVE-2017-6746 · High · Jul 25, 2017
    risk 0.47 · cvss 7.2 · epss 0.04

    A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco…

  • CVE-2017-3796 · High · Jan 26, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.

  • CVE-2016-6373 · High · Sep 22, 2016
    risk 0.47 · cvss 7.2 · epss 0.02

    The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.

  • CVE-2012-0384 · High · Mar 29, 2012
    risk 0.47 · cvss 7.2 · epss 0.04

    Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to…

  • CVE-2026-28941 · High · May 11, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

  • CVE-2026-20641 · High · Feb 11, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps…

  • CVE-2026-20628 · High · Feb 11, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of…

  • CVE-2026-20617 · High · Feb 11, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.

  • CVE-2026-20606 · High · Feb 11, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.

  • CVE-2025-43338 · High · Nov 4, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process…

  • CVE-2025-20317 · High · Aug 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification…

  • CVE-2025-43224 · High · Jul 30, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  • CVE-2025-43221 · High · Jul 30, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  • CVE-2025-31219 · High · May 12, 2025
    risk 0.46 · cvss 7.1 · epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system…

  • CVE-2025-24257 · High · Mar 31, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory.

  • CVE-2025-24209 · High · Mar 31, 2025
    risk 0.46 · cvss 7.0 · epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2023-20253 · High · Sep 27, 2023
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This…

  • CVE-2023-20168 · High · Aug 23, 2023
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication…

  • CVE-2023-20229 · High · Aug 16, 2023
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is…

  • CVE-2022-20956 · High · Nov 4, 2022
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management…

  • CVE-2022-20822 · High · Oct 26, 2022
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker…

  • CVE-2021-34788 · High · Oct 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is…

Page 39 of 145