Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2023-31441 · Med · Jul 18, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data…

  • CVE-2023-20040 · Med · Jan 20, 2023
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a…

  • CVE-2022-20955 · Med · Oct 26, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these…

  • CVE-2022-20954 · Med · Oct 26, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these…

  • CVE-2022-20953 · Med · Oct 26, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these…

  • CVE-2022-20811 · Med · Oct 26, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these…

  • CVE-2022-20776 · Med · Oct 26, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these…

  • CVE-2022-20851 · Med · Sep 30, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2022-20850 · Med · Sep 30, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An…

  • CVE-2022-20651 · Med · Jun 22, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this…

  • CVE-2022-20797 · Med · May 27, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability…

  • CVE-2022-20727 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20726 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20725 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20724 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20723 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.02

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20722 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20721 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20720 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20719 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.03

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20718 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.02

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2022-20717 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when…

  • CVE-2022-20677 · Med · Apr 15, 2022
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install…

  • CVE-2021-40131 · Med · Nov 19, 2021
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2021-34711 · Med · Oct 6, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted…

  • CVE-2021-1612 · Med · Sep 23, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this…

  • CVE-2021-1546 · Med · Sep 23, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI…

  • CVE-2021-34771 · Med · Sep 9, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could…

  • CVE-2021-34733 · Med · Sep 2, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists…

  • CVE-2021-34700 · Med · Jul 22, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system…

  • CVE-2021-1568 · Med · Jun 16, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this…

  • CVE-2021-1544 · Med · Jun 4, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by…

  • CVE-2021-1438 · Med · May 6, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a…

  • CVE-2021-1443 · Med · Mar 24, 2021
    risk 0.36 · cvss 5.5 · epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly…

  • CVE-2021-1450 · Med · Feb 24, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to…

  • CVE-2021-1372 · Med · Feb 17, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected…

  • CVE-2021-1128 · Med · Feb 4, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An…

  • CVE-2021-1235 · Med · Jan 20, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing…

  • CVE-2021-1283 · Med · Jan 20, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly…

  • CVE-2021-1258 · Med · Jan 13, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient…

  • CVE-2021-1126 · Med · Jan 13, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related…

  • CVE-2020-26068 · Med · Nov 18, 2020
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could…

  • CVE-2020-27123 · Med · Nov 6, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an…

  • CVE-2020-3352 · Med · Oct 21, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by…

  • CVE-2020-3477 · Med · Sep 24, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific…

  • CVE-2020-3116 · Med · Sep 23, 2020
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this…

  • CVE-2020-3520 · Med · Aug 26, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An…

  • CVE-2020-3491 · Med · Aug 26, 2020
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The…

  • CVE-2020-3447 · Med · Aug 17, 2020
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is…

  • CVE-2020-3435 · Med · Aug 17, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have…
