VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,110 total · sorted by risk
  • CVE-2017-6703 · Med · Jul 4, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1.

  • CVE-2017-3865 · Med · Jul 4, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.…

  • CVE-2017-6656 · Med · Jun 13, 2017
    risk 0.38 · cvss 5.9 · epss 0.02

    A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are…

  • CVE-2017-6620 · Med · May 3, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision…

  • CVE-2017-6613 · Med · Apr 20, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The…

  • CVE-2017-3887 · Med · Apr 7, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This…

  • CVE-2017-3885 · Med · Apr 7, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU…

  • CVE-2017-3870 · Med · Mar 17, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first…

  • CVE-2017-3827 · Med · Feb 22, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.…

  • CVE-2017-3818 · Med · Feb 3, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering…

  • CVE-2017-3814 · Med · Feb 3, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0.

  • CVE-2017-3809 · Med · Feb 3, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known…

  • CVE-2017-3800 · Med · Jan 26, 2017
    risk 0.38 · cvss 5.8 · epss 0.02

    A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all…

  • CVE-2016-1411 · Med · Dec 14, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update…

  • CVE-2016-6461 · Med · Nov 19, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10).…

  • CVE-2016-6438 · Med · Oct 27, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following…

  • CVE-2016-6437 · Med · Oct 27, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation.…

  • CVE-2016-6403 · Med · Sep 18, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.

  • CVE-2016-1346 · Med · Apr 6, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

  • CVE-2016-1321 · Med · Feb 15, 2016
    risk 0.38 · cvss 5.8 · epss 0.01

    Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an…

  • CVE-2015-6409 · Med · Dec 26, 2015
    risk 0.38 · cvss 5.9 · epss 0.01

    Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.

  • CVE-2012-1342 · Med · Aug 6, 2012
    risk 0.38 · cvss 5.8 · epss 0.01

    Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.

  • CVE-2025-46305 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2025-46304 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2025-46303 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2025-46302 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2025-46301 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2025-46300 · Med · Feb 11, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected…

  • CVE-2024-20441 · Med · Oct 2, 2024
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API…

  • CVE-2023-20135 · Med · Sep 13, 2023
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install…

  • CVE-2022-20966 · Med · Jan 20, 2023
    risk 0.37 · cvss 5.4 · epss 0.28

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to…

  • CVE-2022-20787 · Med · Apr 21, 2022
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack…

  • CVE-2020-3537 · Med · Sep 4, 2020
    risk 0.37 · cvss 5.7 · epss 0.01

    A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially…

  • CVE-2020-10136 · Med · Jun 2, 2020
    risk 0.37 · cvss 5.3 · epss 0.26

    IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before…

  • CVE-2018-0414 · Med · Oct 5, 2018
    risk 0.37 · cvss 5.7 · epss 0.02

    A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an…

  • CVE-2018-0087 · Med · Mar 8, 2018
    risk 0.37 · cvss 5.6 · epss 0.02

    A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect…

  • CVE-2017-12351 · Med · Nov 30, 2017
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The…

  • CVE-2017-12339 · Med · Nov 30, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this…

  • CVE-2017-12285 · Med · Oct 19, 2017
    risk 0.37 · cvss 5.3 · epss 0.37

    A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform…

  • CVE-2017-6775 · Med · Aug 17, 2017
    risk 0.37 · cvss 5.7 · epss 0.00

    A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that…

  • CVE-2026-28993 · Med · May 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.

  • CVE-2026-20161 · Med · Apr 15, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are…

  • CVE-2026-28877 · Med · Mar 25, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive…

  • CVE-2026-28870 · Med · Mar 25, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

  • CVE-2026-20107 · Med · Feb 25, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this…

  • CVE-2026-20678 · Med · Feb 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data.

  • CVE-2026-20675 · Med · Feb 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may…

  • CVE-2026-20655 · Med · Feb 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20654 · Med · Feb 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system termination.

  • CVE-2026-20653 · Med · Feb 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to access…
