VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,132 total · sorted by risk
  • CVE-2024-20384MedOct 23, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic…

  • CVE-2024-20342MedOct 23, 2024
    risk 0.38cvss 5.8epss 0.01

    Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is due to an incorrect connection…

  • CVE-2024-20299MedOct 23, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have…

  • CVE-2024-20297MedOct 23, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have…

  • CVE-2024-20513MedOct 2, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This…

  • CVE-2024-20509MedOct 2, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the…

  • CVE-2024-20502MedOct 2, 2024
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource…

  • CVE-2024-20500MedOct 2, 2024
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to…

  • CVE-2024-20385MedOct 2, 2024
    risk 0.38cvss 5.9epss 0.00

    A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer…

  • CVE-2024-20508MedSep 25, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected…

  • CVE-2024-20465MedSep 25, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect…

  • CVE-2024-20363MedMay 22, 2024
    risk 0.38cvss 5.8epss 0.00

    Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet…

  • CVE-2024-20361MedMay 22, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat…

  • CVE-2024-20293MedMay 22, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on…

  • CVE-2024-20261MedMay 22, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability…

  • CVE-2024-20357MedMay 1, 2024
    risk 0.38cvss 5.9epss 0.00

    A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could…

  • CVE-2024-28065MedApr 5, 2024
    risk 0.38cvss 5.9epss 0.00

    In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.

  • CVE-2024-20316MedMar 27, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper…

  • CVE-2024-20265MedMar 27, 2024
    risk 0.38cvss 5.9epss 0.00

    A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists…

  • CVE-2024-20322MedMar 13, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys…

  • CVE-2024-20315MedMar 13, 2024
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to…

  • CVE-2024-20291MedFeb 29, 2024
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. …

  • CVE-2024-20263MedJan 26, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured…

  • CVE-2023-20246MedNov 1, 2023
    risk 0.38cvss 5.8epss 0.01

    Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access…

  • CVE-2023-20071MedNov 1, 2023
    risk 0.38cvss 5.8epss 0.01

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection…

  • CVE-2023-20270MedNov 1, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial…

  • CVE-2023-20245MedNov 1, 2023
    risk 0.38cvss 5.8epss 0.00

    Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that…

  • CVE-2023-20176MedSep 27, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by…

  • CVE-2023-20191MedSep 13, 2023
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An…

  • CVE-2023-20190MedSep 13, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect…

  • CVE-2020-26082MedAug 4, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling…

  • CVE-2023-20218MedAug 3, 2023
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of…

  • CVE-2023-20215MedAug 3, 2023
    risk 0.38cvss 5.8epss 0.00

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper…

  • CVE-2023-20051MedApr 5, 2023
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a…

  • CVE-2022-20950MedNov 15, 2022
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP…

  • CVE-2022-20943MedNov 15, 2022
    risk 0.38cvss 5.8epss 0.01

    Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected…

  • CVE-2022-20928MedNov 15, 2022
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. …

  • CVE-2022-20922MedNov 15, 2022
    risk 0.38cvss 5.8epss 0.01

    Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected…

  • CVE-2022-20795MedApr 21, 2022
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of…

  • CVE-2022-20784MedApr 6, 2022
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This…

  • CVE-2022-20738MedFeb 10, 2022
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this…

  • CVE-2021-34754MedOct 27, 2021
    risk 0.38cvss 5.8epss 0.01

    Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to…

  • CVE-2021-40122MedOct 21, 2021
    risk 0.38cvss 5.9epss 0.01

    A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could…

  • CVE-2021-1534MedOct 6, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing…

  • CVE-2021-34697MedSep 23, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect…

  • CVE-2021-34696MedSep 23, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is…

  • CVE-2021-1625MedSep 23, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator…

  • CVE-2021-34737MedSep 9, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4…

  • CVE-2021-1591MedAug 25, 2021
    risk 0.38cvss 5.8epss 0.01

    A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of…

  • CVE-2021-34749MedAug 18, 2021
    risk 0.38cvss 5.8epss 0.02

    A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device…

Page 65 of 143