Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,231 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0345 | Hig | 0.57 | 8.8 | 0.03 | Jul 18, 2018 | A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The… | ||
| CVE-2018-0343 | Hig | 0.57 | 8.8 | 0.02 | Jul 18, 2018 | A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is… | ||
| CVE-2018-0365 | Hig | 0.57 | 8.8 | 0.01 | Jun 21, 2018 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to… | ||
| CVE-2018-0364 | Hig | 0.57 | 8.8 | 0.01 | Jun 21, 2018 | A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is… | ||
| CVE-2018-0363 | Hig | 0.57 | 8.8 | 0.01 | Jun 21, 2018 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected… | ||
| CVE-2018-0303 | Hig | 0.57 | 8.8 | 0.01 | Jun 21, 2018 | A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability… | ||
| CVE-2018-0330 | Hig | 0.57 | 8.8 | 0.03 | Jun 20, 2018 | A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly… | ||
| CVE-2018-0292 | Hig | 0.57 | 8.8 | 0.02 | Jun 20, 2018 | A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to… | ||
| CVE-2018-0336 | Hig | 0.57 | 8.8 | 0.02 | Jun 7, 2018 | A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An… | ||
| CVE-2018-0322 | Hig | 0.57 | 8.8 | 0.03 | Jun 7, 2018 | A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to… | ||
| CVE-2018-0317 | Hig | 0.57 | 8.8 | 0.03 | Jun 7, 2018 | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this… | ||
| CVE-2018-0270 | Hig | 0.57 | 8.8 | 0.01 | May 17, 2018 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The… | ||
| CVE-2018-0259 | Hig | 0.57 | 8.8 | 0.01 | Apr 19, 2018 | A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF… | ||
| CVE-2018-0255 | Hig | 0.57 | 8.8 | 0.01 | Apr 19, 2018 | A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF… | ||
| CVE-2018-0195 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2018 | A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests… | ||
| CVE-2018-0152 | Hig | 0.57 | 8.8 | 0.03 | Mar 28, 2018 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each… | ||
| CVE-2018-0213 | Hig | 0.57 | 8.8 | 0.03 | Mar 8, 2018 | A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability… | ||
| CVE-2018-0210 | Hig | 0.57 | 8.8 | 0.01 | Mar 8, 2018 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to… | ||
| CVE-2018-0148 | Hig | 0.57 | 8.8 | 0.01 | Feb 22, 2018 | A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary… | ||
| CVE-2017-5826 | Hig | 0.57 | 8.8 | 0.03 | Feb 15, 2018 | An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | ||
| CVE-2017-5825 | Hig | 0.57 | 8.8 | 0.02 | Feb 15, 2018 | A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | ||
| CVE-2018-0113 | Hig | 0.57 | 8.8 | 0.02 | Feb 8, 2018 | A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this… | ||
| CVE-2018-0107 | Hig | 0.57 | 8.8 | 0.01 | Jan 18, 2018 | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit… | ||
| CVE-2018-0099 | Hig | 0.57 | 8.8 | 0.03 | Jan 18, 2018 | A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could… | ||
| CVE-2017-12343 | Hig | 0.57 | 8.8 | 0.02 | Nov 30, 2017 | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a… | ||
| CVE-2017-12262 | Hig | 0.57 | 8.8 | 0.01 | Nov 2, 2017 | A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.… | ||
| CVE-2017-12271 | Hig | 0.57 | 8.8 | 0.01 | Oct 19, 2017 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this… | ||
| CVE-2017-12230 | Hig | 0.57 | 8.8 | 0.03 | Sep 29, 2017 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using… | ||
| CVE-2017-12226 | Hig | 0.57 | 8.8 | 0.03 | Sep 29, 2017 | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated,… | ||
| CVE-2017-12253 | Hig | 0.57 | 8.8 | 0.01 | Sep 21, 2017 | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the… | ||
| CVE-2017-12214 | Hig | 0.57 | 8.8 | 0.02 | Sep 21, 2017 | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of… | ||
| CVE-2017-12216 | Hig | 0.57 | 8.8 | 0.03 | Sep 7, 2017 | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries… | ||
| CVE-2017-6757 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL… | ||
| CVE-2017-6756 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks.… | ||
| CVE-2017-9490 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2017 | The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | ||
| CVE-2017-9489 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | ||
| CVE-2017-9488 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2017 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then… | ||
| CVE-2017-6712 | Hig | 0.57 | 8.8 | 0.02 | Jul 6, 2017 | A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell… | ||
| CVE-2017-6692 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected… | ||
| CVE-2017-6689 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected… | ||
| CVE-2017-6688 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). | ||
| CVE-2017-6687 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.… | ||
| CVE-2017-6686 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:… | ||
| CVE-2017-6685 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:… | ||
| CVE-2017-6684 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | ||
| CVE-2017-6682 | Hig | 0.57 | 8.8 | 0.02 | Jun 13, 2017 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | ||
| CVE-2017-6659 | Hig | 0.57 | 8.8 | 0.01 | Jun 13, 2017 | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800.… | ||
| CVE-2017-6634 | Hig | 0.57 | 8.8 | 0.01 | May 22, 2017 | A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to… | ||
| CVE-2017-6619 | Hig | 0.57 | 8.8 | 0.03 | Apr 20, 2017 | A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize… | ||
| CVE-2017-6607 | Hig | 0.57 | 8.7 | 0.02 | Apr 20, 2017 | A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response… |
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary…
- risk 0.57cvss 8.8epss 0.03
An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
- risk 0.57cvss 8.8epss 0.02
A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
- risk 0.57cvss 8.8epss 0.02
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could…
- risk 0.57cvss 8.8epss 0.02
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…
- risk 0.57cvss 8.8epss 0.01
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated,…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks.…
- risk 0.57cvss 8.8epss 0.01
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
- risk 0.57cvss 8.8epss 0.01
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
- risk 0.57cvss 8.8epss 0.01
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.
- risk 0.57cvss 8.8epss 0.02
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…
- risk 0.57cvss 8.7epss 0.02
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response…
Page 6 of 145