Cisco Systems, Inc.

All CVEs

7,227 total · sorted by risk
  • CVE-2022-20819 · Med · Jun 15, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive…

  • CVE-2022-20796 · Med · May 4, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker…

  • CVE-2022-20794 · Med · May 4, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an…

  • CVE-2022-20764 · Med · May 4, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an…

  • CVE-2022-20744 · Med · May 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the…

  • CVE-2022-20790 · Med · Apr 21, 2022
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the…

  • CVE-2022-20747 · Med · Apr 15, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating…

  • CVE-2022-20735 · Med · Apr 15, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the…

  • CVE-2022-20782 · Med · Apr 6, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege…

  • CVE-2021-40120 · Med · Nov 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using…

  • CVE-2021-34773 · Med · Nov 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P)…

  • CVE-2021-34706 · Med · Oct 6, 2021
    risk 0.42 · cvss 6.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is…

  • CVE-2021-1589 · Med · Sep 23, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker…

  • CVE-2021-34786 · Med · Sep 9, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

  • CVE-2021-34785 · Med · Sep 9, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

  • CVE-2021-1581 · Med · Aug 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2021-1580 · Med · Aug 25, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2021-34734 · Med · Aug 18, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2021-34707 · Med · Aug 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when…

  • CVE-2021-1618 · Med · Jul 22, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input…

  • CVE-2021-1617 · Med · Jul 22, 2021
    risk 0.42 · cvss 6.5 · epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input…

  • CVE-2021-1598 · Med · Jul 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an…

  • CVE-2021-1597 · Med · Jul 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an…

  • CVE-2021-1596 · Med · Jul 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an…

  • CVE-2021-1595 · Med · Jul 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an…

  • CVE-2021-1570 · Med · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the…

  • CVE-2021-1569 · Med · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the…

  • CVE-2021-1564 · Med · Jun 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of…

  • CVE-2021-1563 · Med · Jun 4, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of…

  • CVE-2021-1560 · Med · May 22, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged…

  • CVE-2021-1559 · Med · May 22, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged…

  • CVE-2020-26141 · Med · May 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2…

  • CVE-2020-26140 · Med · May 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

  • CVE-2021-1532 · Med · May 6, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to…

  • CVE-2021-1521 · Med · May 6, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco…

  • CVE-2021-1507 · Med · May 6, 2021
    risk 0.42 · cvss 6.4 · epss 0.01

    A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly…

  • CVE-2021-1489 · Med · Apr 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to…

  • CVE-2021-1475 · Med · Apr 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see…

  • CVE-2021-1474 · Med · Apr 8, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see…

  • CVE-2021-1385 · Med · Mar 24, 2021
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs…

  • CVE-2021-1416 · Med · Feb 17, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An…

  • CVE-2021-1412 · Med · Feb 17, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An…

  • CVE-2021-1250 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of…

  • CVE-2021-1249 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of…

  • CVE-2021-1364 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects…

  • CVE-2021-1357 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects…

  • CVE-2021-1355 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects…

  • CVE-2021-1349 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the…

  • CVE-2021-1286 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of…

  • CVE-2021-1282 · Med · Jan 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects…
