Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,226 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31210 | Med | 0.42 | 6.5 | 0.00 | May 12, 2025 | The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service. | ||
| CVE-2025-24225 | Med | 0.42 | 6.5 | 0.00 | May 12, 2025 | An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing. | ||
| CVE-2025-31203 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a… | ||
| CVE-2025-30445 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app… | ||
| CVE-2025-24251 | Med | 0.42 | 6.5 | 0.00 | Apr 29, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app… | ||
| CVE-2025-30432 | Med | 0.42 | 6.4 | 0.01 | Mar 31, 2025 | A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked… | ||
| CVE-2025-24192 | Med | 0.42 | 6.5 | 0.01 | Mar 31, 2025 | A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data. | ||
| CVE-2024-54467 | Med | 0.42 | 6.5 | 0.01 | Mar 10, 2025 | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin. | ||
| CVE-2022-20652 | Med | 0.42 | 6.5 | 0.01 | Nov 15, 2024 | A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is… | ||
| CVE-2024-20416 | Med | 0.42 | 6.5 | 0.01 | Jul 17, 2024 | A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP… | ||
| CVE-2024-20262 | Med | 0.42 | 6.5 | 0.00 | Mar 13, 2024 | A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid… | ||
| CVE-2024-20287 | Med | 0.42 | 6.5 | 0.01 | Jan 17, 2024 | A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due… | ||
| CVE-2023-20271 | Med | 0.42 | 6.5 | 0.01 | Jan 17, 2024 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper… | ||
| CVE-2023-20258 | Med | 0.42 | 6.5 | 0.01 | Jan 17, 2024 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the… | ||
| CVE-2023-20114 | Med | 0.42 | 6.5 | 0.01 | Nov 1, 2023 | A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit… | ||
| CVE-2023-20261 | Med | 0.42 | 6.5 | 0.01 | Oct 18, 2023 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could… | ||
| CVE-2023-20235 | Med | 0.42 | 6.5 | 0.01 | Oct 4, 2023 | A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability… | ||
| CVE-2023-20250 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2023 | A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests… | ||
| CVE-2023-20266 | Med | 0.42 | 6.5 | 0.00 | Aug 30, 2023 | A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to… | ||
| CVE-2023-20221 | Med | 0.42 | 6.5 | 0.00 | Aug 16, 2023 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management… | ||
| CVE-2023-20111 | Med | 0.42 | 6.5 | 0.01 | Aug 16, 2023 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based… | ||
| CVE-2023-20017 | Med | 0.42 | 6.5 | 0.01 | Aug 16, 2023 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these… | ||
| CVE-2023-20013 | Med | 0.42 | 6.5 | 0.01 | Aug 16, 2023 | Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these… | ||
| CVE-2020-26065 | Med | 0.42 | 6.5 | 0.02 | Aug 4, 2023 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient… | ||
| CVE-2023-20164 | Med | 0.42 | 6.5 | 0.01 | May 18, 2023 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid… | ||
| CVE-2023-20163 | Med | 0.42 | 6.5 | 0.01 | May 18, 2023 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid… | ||
| CVE-2023-20110 | Med | 0.42 | 6.5 | 0.01 | May 18, 2023 | A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface… | ||
| CVE-2023-20131 | Med | 0.42 | 6.5 | 0.01 | Apr 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery… | ||
| CVE-2023-20130 | Med | 0.42 | 6.5 | 0.00 | Apr 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery… | ||
| CVE-2023-20129 | Med | 0.42 | 6.5 | 0.01 | Apr 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery… | ||
| CVE-2023-20127 | Med | 0.42 | 6.5 | 0.01 | Apr 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery… | ||
| CVE-2023-20124 | Med | 0.42 | 6.5 | 0.01 | Apr 5, 2023 | A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation… | ||
| CVE-2023-20073 | Med | 0.42 | 5.3 | 0.89 | Apr 5, 2023 | A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization… | ||
| CVE-2023-20113 | Med | 0.42 | 6.5 | 0.00 | Mar 23, 2023 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the… | ||
| CVE-2023-20066 | Med | 0.42 | 6.5 | 0.02 | Mar 23, 2023 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security… | ||
| CVE-2023-20056 | Med | 0.42 | 6.5 | 0.00 | Mar 23, 2023 | A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user.… | ||
| CVE-2023-20062 | Med | 0.42 | 6.5 | 0.01 | Mar 3, 2023 | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these… | ||
| CVE-2023-20061 | Med | 0.42 | 6.5 | 0.01 | Mar 3, 2023 | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these… | ||
| CVE-2023-20009 | Med | 0.42 | 6.5 | 0.01 | Mar 1, 2023 | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The… | ||
| CVE-2023-25653 | Hig | 0.42 | 7.5 | 0.01 | Feb 16, 2023 | node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service… | ||
| CVE-2023-20047 | Med | 0.42 | 6.5 | 0.00 | Jan 20, 2023 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to… | ||
| CVE-2023-20026 | Med | 0.42 | 6.5 | 0.01 | Jan 20, 2023 | A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper… | ||
| CVE-2022-3643 | Med | 0.42 | 6.5 | 0.00 | Dec 7, 2022 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux… | ||
| CVE-2022-20949 | Med | 0.42 | 6.5 | 0.01 | Nov 15, 2022 | A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS… | ||
| CVE-2022-20826 | Med | 0.42 | 6.4 | 0.00 | Nov 15, 2022 | A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device… | ||
| CVE-2022-20942 | Med | 0.42 | 6.5 | 0.01 | Nov 4, 2022 | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve… | ||
| CVE-2022-20810 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2022 | A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that… | ||
| CVE-2022-20816 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2022 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an… | ||
| CVE-2022-20859 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2022 | A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform… | ||
| CVE-2022-20791 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2022 | A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could… |
- risk 0.42cvss 6.5epss 0.00
The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.
- risk 0.42cvss 6.5epss 0.00
An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.
- risk 0.42cvss 6.5epss 0.00
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a…
- risk 0.42cvss 6.5epss 0.00
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app…
- risk 0.42cvss 6.5epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app…
- risk 0.42cvss 6.4epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked…
- risk 0.42cvss 6.5epss 0.01
A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.
- risk 0.42cvss 6.5epss 0.01
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…
- risk 0.42cvss 6.5epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation…
- risk 0.42cvss 5.3epss 0.89
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the…
- risk 0.42cvss 6.5epss 0.02
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user.…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…
- risk 0.42cvss 6.5epss 0.01
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The…
- risk 0.42cvss 7.5epss 0.01
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper…
- risk 0.42cvss 6.5epss 0.00
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS…
- risk 0.42cvss 6.4epss 0.00
A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform…
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could…
Page 46 of 145