Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,227 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3213 | Med | 0.44 | 6.7 | 0.00 | Jun 3, 2020 | A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the… | ||
| CVE-2020-3210 | Med | 0.44 | 6.7 | 0.00 | Jun 3, 2020 | A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the… | ||
| CVE-2020-3209 | Med | 0.44 | 6.8 | 0.00 | Jun 3, 2020 | A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area… | ||
| CVE-2020-3208 | Med | 0.44 | 6.7 | 0.00 | Jun 3, 2020 | A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due… | ||
| CVE-2020-3207 | Med | 0.44 | 6.7 | 0.01 | Jun 3, 2020 | A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability… | ||
| CVE-2020-3204 | Med | 0.44 | 6.7 | 0.00 | Jun 3, 2020 | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.… | ||
| CVE-2020-3253 | Med | 0.44 | 6.7 | 0.00 | May 6, 2020 | A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the… | ||
| CVE-2020-3176 | Med | 0.44 | 6.7 | 0.00 | Mar 4, 2020 | A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize… | ||
| CVE-2020-3169 | Med | 0.44 | 6.7 | 0.00 | Feb 26, 2020 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of… | ||
| CVE-2020-3166 | Med | 0.44 | 6.7 | 0.00 | Feb 26, 2020 | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by… | ||
| CVE-2020-3138 | Med | 0.44 | 6.7 | 0.00 | Feb 19, 2020 | A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this… | ||
| CVE-2013-2679 | Med | 0.44 | 6.1 | 0.20 | Feb 18, 2020 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to… | ||
| CVE-2019-15999 | Med | 0.44 | 6.3 | 0.04 | Jan 6, 2020 | A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an… | ||
| CVE-2019-15689 | Med | 0.44 | 6.7 | 0.01 | Dec 2, 2019 | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.… | ||
| CVE-2019-15997 | Med | 0.44 | 6.7 | 0.01 | Nov 26, 2019 | A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to… | ||
| CVE-2019-15996 | Med | 0.44 | 6.7 | 0.01 | Nov 26, 2019 | A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected… | ||
| CVE-2019-15986 | Med | 0.44 | 6.7 | 0.00 | Nov 26, 2019 | A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to… | ||
| CVE-2019-15277 | Med | 0.44 | 6.7 | 0.00 | Oct 16, 2019 | A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by… | ||
| CVE-2019-15275 | Med | 0.44 | 6.7 | 0.00 | Oct 16, 2019 | A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this… | ||
| CVE-2019-15274 | Med | 0.44 | 6.7 | 0.01 | Oct 16, 2019 | A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by… | ||
| CVE-2019-12694 | Med | 0.44 | 6.7 | 0.00 | Oct 2, 2019 | A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due… | ||
| CVE-2019-12709 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with… | ||
| CVE-2019-12672 | Med | 0.44 | 6.8 | 0.01 | Sep 25, 2019 | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient… | ||
| CVE-2019-12670 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could… | ||
| CVE-2019-12666 | Med | 0.44 | 6.7 | 0.01 | Sep 25, 2019 | A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker… | ||
| CVE-2019-12662 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is… | ||
| CVE-2019-12661 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to… | ||
| CVE-2019-12649 | Med | 0.44 | 6.7 | 0.00 | Sep 25, 2019 | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain… | ||
| CVE-2019-6145 | Med | 0.44 | 6.7 | 0.01 | Sep 20, 2019 | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg… | ||
| CVE-2019-1977 | Med | 0.44 | 6.8 | 0.01 | Aug 30, 2019 | A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain… | ||
| CVE-2019-1839 | Med | 0.44 | 6.7 | 0.00 | Aug 21, 2019 | A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes… | ||
| CVE-2019-1972 | Med | 0.44 | 6.7 | 0.01 | Aug 8, 2019 | A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The… | ||
| CVE-2019-1952 | Med | 0.44 | 6.7 | 0.01 | Aug 8, 2019 | A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper… | ||
| CVE-2019-1945 | Med | 0.44 | 6.7 | 0.00 | Aug 7, 2019 | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information… | ||
| CVE-2019-1932 | Med | 0.44 | 6.7 | 0.00 | Jul 6, 2019 | A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An… | ||
| CVE-2019-1909 | Med | 0.44 | 6.8 | 0.01 | Jul 6, 2019 | A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of… | ||
| CVE-2019-1622 | Med | 0.44 | 5.3 | 0.79 | Jun 27, 2019 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on… | ||
| CVE-2019-1623 | Med | 0.44 | 6.7 | 0.01 | Jun 20, 2019 | A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An… | ||
| CVE-2019-1780 | Med | 0.44 | 6.7 | 0.00 | May 16, 2019 | A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The… | ||
| CVE-2019-1851 | Med | 0.44 | 6.8 | 0.01 | May 16, 2019 | A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to… | ||
| CVE-2019-1768 | Med | 0.44 | 6.7 | 0.01 | May 16, 2019 | A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute… | ||
| CVE-2019-1813 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital… | ||
| CVE-2019-1812 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital… | ||
| CVE-2019-1811 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital… | ||
| CVE-2019-1810 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected… | ||
| CVE-2019-1809 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of… | ||
| CVE-2019-1795 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of… | ||
| CVE-2019-1791 | Med | 0.44 | 6.7 | 0.01 | May 15, 2019 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to… | ||
| CVE-2019-1790 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of… | ||
| CVE-2019-1784 | Med | 0.44 | 6.7 | 0.00 | May 15, 2019 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a… |
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the…
- risk 0.44cvss 6.8epss 0.00
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges.…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this…
- risk 0.44cvss 6.1epss 0.20
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to…
- risk 0.44cvss 6.3epss 0.04
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an…
- risk 0.44cvss 6.7epss 0.01
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with…
- risk 0.44cvss 6.8epss 0.01
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain…
- risk 0.44cvss 6.7epss 0.01
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg…
- risk 0.44cvss 6.8epss 0.01
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes…
- risk 0.44cvss 6.7epss 0.01
A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper…
- risk 0.44cvss 6.7epss 0.00
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An…
- risk 0.44cvss 6.8epss 0.01
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of…
- risk 0.44cvss 5.3epss 0.79
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The…
- risk 0.44cvss 6.8epss 0.01
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of…
- risk 0.44cvss 6.7epss 0.01
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a…
Page 42 of 145