Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2025-20167 · Med · Jan 8, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2025-20166 · Med · Jan 8, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2020-26067 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an…

  • CVE-2021-1424 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2…

  • CVE-2021-1234 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. …

  • CVE-2021-1132 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain…

  • CVE-2020-3548 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of…

  • CVE-2020-3420 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)…

  • CVE-2020-26063 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on…

  • CVE-2020-26062 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as…

  • CVE-2022-20633 · Med · Nov 15, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back…

  • CVE-2021-1466 · Med · Nov 15, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds…

  • CVE-2022-20948 · Med · Nov 15, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input…

  • CVE-2022-20766 · Med · Nov 15, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read…

  • CVE-2022-20648 · Med · Nov 15, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted. This vulnerability exists…

  • CVE-2024-20540 · Med · Nov 6, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This…

  • CVE-2024-20514 · Med · Nov 6, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the…

  • CVE-2024-20504 · Med · Nov 6, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a…

  • CVE-2024-20410 · Med · Oct 23, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is…

  • CVE-2024-20387 · Med · Oct 23, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco…

  • CVE-2024-20377 · Med · Oct 23, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based…

  • CVE-2024-20463 · Med · Oct 16, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing…

  • CVE-2024-20420 · Med · Oct 16, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization…

  • CVE-2024-20477 · Med · Oct 2, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint.…

  • CVE-2024-20442 · Med · Oct 2, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API…

  • CVE-2024-20443 · Med · Aug 7, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management…

  • CVE-2023-20249 · Med · Apr 24, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2023-20248 · Med · Apr 24, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2024-20367 · Med · Apr 3, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate…

  • CVE-2024-20302 · Med · Apr 3, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant…

  • CVE-2024-20266 · Med · Mar 13, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4…

  • CVE-2024-20346 · Med · Mar 6, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to…

  • CVE-2024-20344 · Med · Feb 29, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected…

  • CVE-2023-20255 · Med · Nov 1, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this…

  • CVE-2023-20262 · Med · Sep 27, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI…

  • CVE-2023-20230 · Med · Aug 23, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated…

  • CVE-2023-20115 · Med · Aug 23, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. …

  • CVE-2023-20205 · Med · Aug 16, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface…

  • CVE-2023-20203 · Med · Aug 16, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface…

  • CVE-2023-20204 · Med · Aug 3, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the…

  • CVE-2023-20133 · Med · Jul 7, 2023
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied…

  • CVE-2023-20120 · Med · Jun 28, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20028 · Med · Jun 28, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20184 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…

  • CVE-2023-20183 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…

  • CVE-2023-20182 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…

  • CVE-2023-20172 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more…

  • CVE-2023-20171 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more…

  • CVE-2023-20106 · Med · May 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more…

  • CVE-2022-37462 · Med · Apr 10, 2023
    risk 0.35 · cvss 5.4 · epss 0.01

    A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.