Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2017-3858 · High · Mar 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An…

  • CVE-2017-3854 · High · Mar 15, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration.…

  • CVE-2017-3819 · High · Mar 15, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root…

  • CVE-2017-3835 · High · Feb 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).

  • CVE-2017-3801 · High · Feb 15, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based…

  • CVE-2017-3794 · High · Jan 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.

  • CVE-2016-9218 · High · Jan 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0.

  • CVE-2016-9217 · High · Dec 26, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99).

  • CVE-2016-6468 · High · Dec 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known…

  • CVE-2016-6444 · High · Oct 27, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

  • CVE-2016-6443 · High · Oct 27, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability.…

  • CVE-2016-6442 · High · Oct 27, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).

  • CVE-2016-6427 · High · Oct 6, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036…

  • CVE-2016-6417 · High · Oct 5, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

  • CVE-2016-1470 · High · Sep 2, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

  • CVE-2016-1458 · High · Aug 18, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2,…

  • CVE-2016-1457 · High · Aug 18, 2016
    risk 0.57 · cvss 8.8 · epss 0.04

    The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote…

  • CVE-2016-1365 · High · Aug 18, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.

  • CVE-2016-1468 · High · Aug 8, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.

  • CVE-2016-1430 · High · Aug 8, 2016
    risk 0.57 · cvss 8.8 · epss 0.04

    Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.

  • CVE-2015-6397 · High · Aug 8, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.

  • CVE-2016-1374 · High · Jul 28, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827.

  • CVE-2016-1448 · High · Jul 17, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.

  • CVE-2016-1446 · High · Jul 15, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.

  • CVE-2016-1442 · High · Jul 7, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.

  • CVE-2016-1408 · High · Jul 2, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

  • CVE-2016-1391 · High · Jun 4, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a…

  • CVE-2016-1406 · High · May 25, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON…

  • CVE-2016-1359 · High · Mar 3, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494.

  • CVE-2016-1297 · High · Feb 26, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID…

  • CVE-2016-1302 · High · Feb 7, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via…

  • CVE-2016-1301 · High · Feb 7, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.

  • CVE-2026-20224 · High · May 14, 2026
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This…

  • CVE-2026-20103 · High · Mar 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of…

  • CVE-2026-20101 · High · Mar 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to…

  • CVE-2026-20082 · High · Mar 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to…

  • CVE-2026-20039 · High · Mar 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. …

  • CVE-2025-20315 · High · Sep 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a denial of service (DoS) condition. This vulnerability is due to improper…

  • CVE-2025-20263 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. …

  • CVE-2025-20253 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the…

  • CVE-2025-20243 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to improper…

  • CVE-2025-20239 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger…

  • CVE-2025-20222 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2025-20217 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

  • CVE-2025-20136 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote…

  • CVE-2025-20134 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a…

  • CVE-2025-20133 · High · Aug 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS…

  • CVE-2025-20271 · High · Jun 18, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This…

  • CVE-2025-24200 · Medium · KEV · Feb 10, 2025
    risk 0.56 · cvss 6.1 · epss 0.05

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is…

  • CVE-2023-20125 · High · Nov 15, 2024
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain…
