VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2021-1265MedJan 20, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being…

  • CVE-2021-1259MedJan 20, 2021
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient…

  • CVE-2021-1253MedJan 20, 2021
    risk 0.42cvss 6.5epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of…

  • CVE-2021-1246MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.01

    Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an…

  • CVE-2021-1245MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.01

    Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…

  • CVE-2021-1145MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the…

  • CVE-2021-1131MedJan 13, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol…

  • CVE-2020-3482MedNov 18, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper…

  • CVE-2020-3471MedNov 18, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and…

  • CVE-2020-3419MedNov 18, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable…

  • CVE-2020-26078MedNov 18, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by…

  • CVE-2020-3592MedNov 6, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an…

  • CVE-2020-3590MedNov 6, 2020
    risk 0.42cvss 6.4epss 0.01

    A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not…

  • CVE-2020-3587MedNov 6, 2020
    risk 0.42cvss 6.4epss 0.01

    A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not…

  • CVE-2020-26084MedNov 6, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker…

  • CVE-2020-3598MedOct 8, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific…

  • CVE-2020-3567MedOct 8, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability…

  • CVE-2020-3543MedOct 8, 2020
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3487MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3486MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3429MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2020-3428MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3130MedSep 23, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3124MedSep 23, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF…

  • CVE-2019-16004MedSep 23, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could…

  • CVE-2019-15963MedSep 23, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient…

  • CVE-2020-3498MedSep 4, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages…

  • CVE-2020-3523MedAug 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based…

  • CVE-2020-3518MedAug 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability…

  • CVE-2020-3505MedAug 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3440MedAug 26, 2020
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected…

  • CVE-2020-3437MedJul 16, 2020
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker…

  • CVE-2020-3401MedJul 16, 2020
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient…

  • CVE-2020-3385MedJul 16, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets.…

  • CVE-2020-3372MedJul 16, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient…

  • CVE-2020-3391MedJul 2, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could…

  • CVE-2020-3241MedJun 18, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management…

  • CVE-2020-3261MedApr 15, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the…

  • CVE-2020-3260MedApr 15, 2020
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected…

  • CVE-2020-3181MedMar 4, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is…

  • CVE-2020-3120MedFeb 5, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.…

  • CVE-2020-3134MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation…

  • CVE-2020-3131MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability…

  • CVE-2019-16027MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS…

  • CVE-2019-16018MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a…

  • CVE-2019-15255MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to…

  • CVE-2019-12619MedJan 26, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An…

  • CVE-2012-0334MedJan 15, 2020
    risk 0.42cvss 6.4epss 0.00

    Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

  • CVE-2019-16002MedNov 26, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI…

  • CVE-2019-15995MedNov 26, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability…

Page 48 of 145