VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,133 total · sorted by risk
  • CVE-2015-6434 · Med · Jan 8, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856.

  • CVE-2026-20136 · Med · Apr 15, 2026
    risk 0.39 · cvss 6.0 · epss 0.01

    A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and…

  • CVE-2026-20016 · Med · Mar 4, 2026
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this…

  • CVE-2026-20008 · Med · Mar 4, 2026
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the…

  • CVE-2026-20092 · Med · Jan 21, 2026
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions…

  • CVE-2025-20248 · Med · Sep 10, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have…

  • CVE-2025-20295 · Med · Aug 27, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system…

  • CVE-2025-20238 · Med · Aug 14, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges.…

  • CVE-2025-20237 · Med · Aug 14, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges.…

  • CVE-2025-20220 · Med · Aug 14, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This…

  • CVE-2025-20278 · Med · Jun 4, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation…

  • CVE-2025-20155 · Med · May 7, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software…

  • CVE-2025-20178 · Med · Apr 16, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to…

  • CVE-2025-20119 · Med · Feb 26, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2022-20845 · Med · Nov 15, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could…

  • CVE-2024-20485 · Med · Oct 23, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are…

  • CVE-2024-20370 · Med · Oct 23, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root.…

  • CVE-2024-20461 · Med · Oct 16, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized.…

  • CVE-2024-20492 · Med · Oct 2, 2024
    risk 0.39 · cvss 6.0 · epss 0.01

    A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have…

  • CVE-2024-20469 · Med · Sep 4, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must…

  • CVE-2024-20358 · Med · Apr 24, 2024
    risk 0.39 · cvss 6.0 · epss 0.01

    A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating…

  • CVE-2024-20282 · Med · Apr 3, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could…

  • CVE-2024-20306 · Med · Mar 27, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level…

  • CVE-2023-20260 · Med · Jan 17, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to…

  • CVE-2023-20170 · Med · Nov 1, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level…

  • CVE-2023-20193 · Med · Sep 7, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have…

  • CVE-2023-20210 · Med · Jul 12, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability…

  • CVE-2023-20167 · Med · May 18, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker…

  • CVE-2023-20166 · Med · May 18, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker…

  • CVE-2023-20153 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an…

  • CVE-2023-20122 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the…

  • CVE-2023-20121 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the…

  • CVE-2023-20152 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an…

  • CVE-2023-20030 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the…

  • CVE-2023-20023 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an…

  • CVE-2023-20022 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an…

  • CVE-2023-20021 · Med · Apr 5, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an…

  • CVE-2023-20075 · Med · Mar 1, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system…

  • CVE-2023-20015 · Med · Feb 23, 2023
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to…

  • CVE-2022-20934 · Med · Nov 15, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation…

  • CVE-2022-20909 · Med · Jul 22, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could…

  • CVE-2022-20908 · Med · Jul 22, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could…

  • CVE-2022-20907 · Med · Jul 22, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could…

  • CVE-2022-20906 · Med · Jul 22, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could…

  • CVE-2022-20665 · Med · Apr 6, 2022
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted…

  • CVE-2021-34724 · Med · Sep 23, 2021
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user.…

  • CVE-2021-34709 · Med · Sep 9, 2021
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to…

  • CVE-2021-34708 · Med · Sep 9, 2021
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to…

  • CVE-2021-1584 · Med · Aug 25, 2021
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a…

  • CVE-2021-1558 · Med · May 22, 2021
    risk 0.39 · cvss 6.0 · epss 0.00

    Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of…
