Cisco Systems, Inc.

All CVEs

7,227 total · sorted by risk
  • CVE-2020-3213 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the…

  • CVE-2020-3210 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the…

  • CVE-2020-3209 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area…

  • CVE-2020-3208 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due…

  • CVE-2020-3207 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability…

  • CVE-2020-3204 · Med · Jun 3, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.…

  • CVE-2020-3253 · Med · May 6, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the…

  • CVE-2020-3176 · Med · Mar 4, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize…

  • CVE-2020-3169 · Med · Feb 26, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2020-3166 · Med · Feb 26, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3138 · Med · Feb 19, 2020
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this…

  • CVE-2013-2679 · Med · Feb 18, 2020
    risk 0.44 · cvss 6.1 · epss 0.20

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to…

  • CVE-2019-15999 · Med · Jan 6, 2020
    risk 0.44 · cvss 6.3 · epss 0.04

    A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an…

  • CVE-2019-15689 · Med · Dec 2, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights.…

  • CVE-2019-15997 · Med · Nov 26, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to…

  • CVE-2019-15996 · Med · Nov 26, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected…

  • CVE-2019-15986 · Med · Nov 26, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to…

  • CVE-2019-15277 · Med · Oct 16, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2019-15275 · Med · Oct 16, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this…

  • CVE-2019-15274 · Med · Oct 16, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2019-12694 · Med · Oct 2, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due…

  • CVE-2019-12709 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with…

  • CVE-2019-12672 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient…

  • CVE-2019-12670 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could…

  • CVE-2019-12666 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker…

  • CVE-2019-12662 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is…

  • CVE-2019-12661 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to…

  • CVE-2019-12649 · Med · Sep 25, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain…

  • CVE-2019-6145 · Med · Sep 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg…

  • CVE-2019-1977 · Med · Aug 30, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain…

  • CVE-2019-1839 · Med · Aug 21, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes…

  • CVE-2019-1972 · Med · Aug 8, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The…

  • CVE-2019-1952 · Med · Aug 8, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper…

  • CVE-2019-1945 · Med · Aug 7, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information…

  • CVE-2019-1932 · Med · Jul 6, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An…

  • CVE-2019-1909 · Med · Jul 6, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of…

  • CVE-2019-1622 · Med · Jun 27, 2019
    risk 0.44 · cvss 5.3 · epss 0.79

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on…

  • CVE-2019-1623 · Med · Jun 20, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An…

  • CVE-2019-1780 · Med · May 16, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The…

  • CVE-2019-1851 · Med · May 16, 2019
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to…

  • CVE-2019-1768 · Med · May 16, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute…

  • CVE-2019-1813 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…

  • CVE-2019-1812 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…

  • CVE-2019-1811 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…

  • CVE-2019-1810 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected…

  • CVE-2019-1809 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of…

  • CVE-2019-1795 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of…

  • CVE-2019-1791 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to…

  • CVE-2019-1790 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2019-1784 · Med · May 15, 2019
    risk 0.44 · cvss 6.7 · epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a…
