Cisco Systems, Inc.

All CVEs

7,229 total · sorted by risk
  • CVE-2022-20865 · Med · Aug 25, 2022
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient…

  • CVE-2022-20758 · Med · Apr 15, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect…

  • CVE-2022-20694 · Med · Apr 15, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition.…

  • CVE-2022-20679 · Med · Apr 15, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while…

  • CVE-2022-20774 · Med · Apr 6, 2022
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an…

  • CVE-2021-40124 · Med · Nov 4, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts…

  • CVE-2021-40114 · Med · Oct 27, 2021
    risk 0.44 · cvss 6.8 · epss 0.02

    Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper…

  • CVE-2021-34756 · Med · Oct 27, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-34755 · Med · Oct 27, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-34729 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments…

  • CVE-2021-34726 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input…

  • CVE-2021-34725 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on…

  • CVE-2021-34723 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific…

  • CVE-2021-34703 · Med · Sep 23, 2021
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2021-34722 · Med · Sep 9, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see…

  • CVE-2021-34721 · Med · Sep 9, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see…

  • CVE-2021-34716 · Med · Aug 18, 2021
    risk 0.44 · cvss 6.7 · epss 0.02

    A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This…

  • CVE-2021-33478 · Med · Jul 22, 2021
    risk 0.44 · cvss 6.8 · epss 0.00

    The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain…

  • CVE-2021-1520 · Med · May 6, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability…

  • CVE-2021-1499 · Med · May 6, 2021
    risk 0.44 · cvss 5.3 · epss 0.80

    A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit…

  • CVE-2021-1447 · Med · May 6, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password…

  • CVE-2021-1488 · Med · Apr 29, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating…

  • CVE-2021-1476 · Med · Apr 29, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The…

  • CVE-2021-1376 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating…

  • CVE-2021-1375 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating…

  • CVE-2021-1453 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check…

  • CVE-2021-1452 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical…

  • CVE-2021-1449 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An…

  • CVE-2021-1441 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This…

  • CVE-2021-1398 · Med · Mar 24, 2021
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This…

  • CVE-2021-1244 · Med · Feb 4, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during…

  • CVE-2021-1136 · Med · Feb 4, 2021
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during…

  • CVE-2020-27129 · Med · Nov 6, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote…

  • CVE-2020-27122 · Med · Nov 6, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator…

  • CVE-2020-3555 · Med · Oct 21, 2020
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service…

  • CVE-2020-3458 · Med · Oct 21, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the…

  • CVE-2020-3457 · Med · Oct 21, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could…

  • CVE-2020-3524 · Med · Sep 24, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an…

  • CVE-2020-3513 · Med · Sep 24, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high…

  • CVE-2020-3417 · Med · Sep 24, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An…

  • CVE-2020-3416 · Med · Sep 24, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high…

  • CVE-2020-3396 · Med · Sep 24, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections.…

  • CVE-2019-16017 · Med · Sep 23, 2020
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the…

  • CVE-2020-3152 · Med · Aug 26, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an…

  • CVE-2020-3151 · Med · Aug 26, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell…

  • CVE-2020-3500 · Med · Aug 17, 2020
    risk 0.44 · cvss 6.8 · epss 0.02

    A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit…

  • CVE-2020-3236 · Med · Jun 18, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative…

  • CVE-2020-3220 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected…

  • CVE-2020-3216 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication…

  • CVE-2020-3215 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An…
