Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2018-0345 · High · Jul 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The…

  • CVE-2018-0343 · High · Jul 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is…

  • CVE-2018-0365 · High · Jun 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0364 · High · Jun 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is…

  • CVE-2018-0363 · High · Jun 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected…

  • CVE-2018-0303 · High · Jun 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability…

  • CVE-2018-0330 · High · Jun 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly…

  • CVE-2018-0292 · High · Jun 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to…

  • CVE-2018-0336 · High · Jun 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An…

  • CVE-2018-0322 · High · Jun 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to…

  • CVE-2018-0317 · High · Jun 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this…

  • CVE-2018-0270 · High · May 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The…

  • CVE-2018-0259 · High · Apr 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2018-0255 · High · Apr 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF…

  • CVE-2018-0195 · High · Mar 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests…

  • CVE-2018-0152 · High · Mar 28, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each…

  • CVE-2018-0213 · High · Mar 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability…

  • CVE-2018-0210 · High · Mar 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0148 · High · Feb 22, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary…

  • CVE-2017-5826 · High · Feb 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2017-5825 · High · Feb 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2018-0113 · High · Feb 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this…

  • CVE-2018-0107 · High · Jan 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit…

  • CVE-2018-0099 · High · Jan 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could…

  • CVE-2017-12343 · High · Nov 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-12262 · High · Nov 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.…

  • CVE-2017-12271 · High · Oct 19, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this…

  • CVE-2017-12230 · High · Sep 29, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using…

  • CVE-2017-12226 · High · Sep 29, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated,…

  • CVE-2017-12253 · High · Sep 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the…

  • CVE-2017-12214 · High · Sep 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of…

  • CVE-2017-12216 · High · Sep 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries…

  • CVE-2017-6757 · High · Aug 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL…

  • CVE-2017-6756 · High · Aug 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery (CSRF) attacks.…

  • CVE-2017-9490 · High · Jul 31, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.

  • CVE-2017-9489 · High · Jul 31, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.

  • CVE-2017-9488 · High · Jul 31, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then…

  • CVE-2017-6712 · High · Jul 6, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell…

  • CVE-2017-6692 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected…

  • CVE-2017-6689 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected…

  • CVE-2017-6688 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6687 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability.…

  • CVE-2017-6686 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…

  • CVE-2017-6685 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information:…

  • CVE-2017-6684 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.

  • CVE-2017-6682 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6659 · High · Jun 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800.…

  • CVE-2017-6634 · High · May 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to…

  • CVE-2017-6619 · High · Apr 20, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…

  • CVE-2017-6607 · High · Apr 20, 2017
    risk 0.57 · cvss 8.7 · epss 0.02

    A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response…
