Cisco Systems, Inc.

All CVEs

7,229 total · sorted by risk
  • CVE-2021-1567 · High · Jun 16, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.…

  • CVE-2021-1496 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.01

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1430 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1429 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1428 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1427 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1426 · High · May 6, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the…

  • CVE-2021-1365 · High · May 6, 2021
    risk 0.46 · cvss 7.1 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper…

  • CVE-2021-1363 · High · May 6, 2021
    risk 0.46 · cvss 7.1 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper…

  • CVE-2021-1386 · High · Apr 8, 2021
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows…

  • CVE-2020-3483 · High · Oct 14, 2020
    risk 0.46 · cvss 7.1 · epss 0.00

    Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to…

  • CVE-2019-16007 · High · Sep 23, 2020
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is…

  • CVE-2020-3267 · High · Jun 3, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An…

  • CVE-2020-3264 · High · Mar 19, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to…

  • CVE-2020-3148 · High · Mar 4, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the…

  • CVE-2019-1836 · High · May 3, 2019
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be…

  • CVE-2019-1688 · High · Feb 12, 2019
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password…

  • CVE-2018-0092 · High · Jan 18, 2018
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device.…

  • CVE-2017-12215 · High · Sep 21, 2017
    risk 0.46 · cvss 7.1 · epss 0.02

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system…

  • CVE-2017-6767 · High · Aug 17, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those…

  • CVE-2017-6728 · High · Jul 10, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE.…

  • CVE-2017-6625 · High · May 3, 2017
    risk 0.46 · cvss 7.1 · epss 0.02

    A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting…

  • CVE-2017-6601 · High · Apr 7, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More…

  • CVE-2016-1435 · High · Jun 23, 2016
    risk 0.46 · cvss 7.0 · epss 0.00

    Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.

  • CVE-2016-1393 · High · May 12, 2016
    risk 0.46 · cvss 7.1 · epss 0.01

    SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.

  • CVE-2016-1360 · High · Mar 12, 2016
    risk 0.46 · cvss 7.1 · epss 0.00

    Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.

  • CVE-2023-20209 · Medium · Aug 16, 2023
    risk 0.45 · cvss 6.5 · epss 0.38

    A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could…

  • CVE-2021-1384 · Medium · Mar 24, 2021
    risk 0.45 · cvss 6.5 · epss 0.35

    A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the…

  • CVE-2026-20171 · Medium · May 20, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a…

  • CVE-2026-20025 · Medium · Mar 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker…

  • CVE-2026-20024 · Medium · Mar 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker…

  • CVE-2026-20020 · Medium · Mar 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the…

  • CVE-2026-20050 · Medium · Mar 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

  • CVE-2026-20099 · Medium · Feb 25, 2026
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges…

  • CVE-2025-20314 · Medium · Sep 24, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is…

  • CVE-2025-20313 · Medium · Sep 24, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These…

  • CVE-2025-31228 · Medium · May 12, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.

  • CVE-2021-34752 · Medium · Nov 15, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to…

  • CVE-2024-20413 · Medium · Aug 28, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing…

  • CVE-2024-20411 · Medium · Aug 28, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands…

  • CVE-2024-20277 · Medium · Jan 17, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to…

  • CVE-2023-20272 · Medium · Nov 21, 2023
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could…

  • CVE-2023-20042 · Medium · Nov 1, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This…

  • CVE-2023-20236 · Medium · Sep 13, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this…

  • CVE-2023-20116 · Medium · Jun 28, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service…

  • CVE-2023-20100 · Medium · Mar 23, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2023-20081 · Medium · Mar 23, 2023
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

  • CVE-2023-20044 · Medium · Jan 20, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the…

  • CVE-2023-20043 · Medium · Jan 20, 2023
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit…

  • CVE-2022-20930 · Medium · Sep 30, 2022
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting…

Page 40 of 145