Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,103 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26139 | Med | 0.35 | 5.3 | 0.06 | May 11, 2021 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against… | ||
| CVE-2021-1535 | Med | 0.35 | 5.3 | 0.01 | May 6, 2021 | A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster… | ||
| CVE-2021-1530 | Med | 0.35 | 5.4 | 0.01 | May 6, 2021 | A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due… | ||
| CVE-2021-1486 | Med | 0.35 | 5.3 | 0.01 | May 6, 2021 | A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an… | ||
| CVE-2021-1478 | Med | 0.35 | 5.3 | 0.01 | May 6, 2021 | A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service… | ||
| CVE-2021-1369 | Med | 0.35 | 5.4 | 0.01 | Apr 29, 2021 | A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML… | ||
| CVE-2021-1460 | Med | 0.35 | 5.3 | 0.01 | Mar 24, 2021 | A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to… | ||
| CVE-2021-1394 | Med | 0.35 | 5.3 | 0.01 | Mar 24, 2021 | A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This… | ||
| CVE-2021-1378 | Med | 0.35 | 5.3 | 0.01 | Feb 17, 2021 | A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may… | ||
| CVE-2021-1243 | Med | 0.35 | 5.3 | 0.01 | Feb 4, 2021 | A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is… | ||
| CVE-2021-1218 | Med | 0.35 | 5.4 | 0.01 | Jan 20, 2021 | A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request… | ||
| CVE-2021-1350 | Med | 0.35 | 5.3 | 0.01 | Jan 20, 2021 | A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability… | ||
| CVE-2021-1312 | Med | 0.35 | 5.3 | 0.03 | Jan 20, 2021 | A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of… | ||
| CVE-2021-1129 | Med | 0.35 | 5.3 | 0.01 | Jan 20, 2021 | A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general… | ||
| CVE-2021-1311 | Med | 0.35 | 5.4 | 0.01 | Jan 13, 2021 | A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host… | ||
| CVE-2021-1236 | Med | 0.35 | 5.3 | 0.02 | Jan 13, 2021 | Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An… | ||
| CVE-2021-1127 | Med | 0.35 | 5.4 | 0.01 | Jan 13, 2021 | A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is… | ||
| CVE-2020-3441 | Med | 0.35 | 5.3 | 0.02 | Nov 18, 2020 | A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An… | ||
| CVE-2020-3585 | Med | 0.35 | 5.3 | 0.01 | Oct 21, 2020 | A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The… | ||
| CVE-2020-3578 | Med | 0.35 | 5.3 | 0.01 | Oct 21, 2020 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are… | ||
| CVE-2020-3564 | Med | 0.35 | 5.3 | 0.01 | Oct 21, 2020 | A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of… | ||
| CVE-2020-3557 | Med | 0.35 | 5.3 | 0.01 | Oct 21, 2020 | A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An… | ||
| CVE-2020-3597 | Med | 0.35 | 5.4 | 0.01 | Oct 8, 2020 | A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup… | ||
| CVE-2020-3536 | Med | 0.35 | 5.4 | 0.01 | Oct 8, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management… | ||
| CVE-2020-3320 | Med | 0.35 | 5.4 | 0.01 | Oct 8, 2020 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability… | ||
| CVE-2019-1983 | Med | 0.35 | 5.3 | 0.02 | Sep 23, 2020 | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes… | ||
| CVE-2020-3546 | Med | 0.35 | 5.3 | 0.01 | Sep 4, 2020 | A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of… | ||
| CVE-2020-3542 | Med | 0.35 | 5.3 | 0.01 | Sep 4, 2020 | A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An… | ||
| CVE-2020-3521 | Med | 0.35 | 5.3 | 0.02 | Aug 26, 2020 | A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to… | ||
| CVE-2020-3496 | Med | 0.35 | 5.3 | 0.02 | Aug 26, 2020 | A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of… | ||
| CVE-2020-3484 | Med | 0.35 | 5.3 | 0.01 | Aug 26, 2020 | A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache… | ||
| CVE-2020-3461 | Med | 0.35 | 5.3 | 0.01 | Jul 31, 2020 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of… | ||
| CVE-2020-3468 | Med | 0.35 | 5.4 | 0.01 | Jul 16, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates… | ||
| CVE-2020-3406 | Med | 0.35 | 5.4 | 0.01 | Jul 16, 2020 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management… | ||
| CVE-2020-3197 | Med | 0.35 | 5.3 | 0.01 | Jul 16, 2020 | A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection… | ||
| CVE-2020-3364 | Med | 0.35 | 5.3 | 0.01 | Jun 18, 2020 | A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit… | ||
| CVE-2020-3360 | Med | 0.35 | 5.3 | 0.01 | Jun 18, 2020 | A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management… | ||
| CVE-2020-3245 | Med | 0.35 | 5.3 | 0.01 | Jun 18, 2020 | A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker… | ||
| CVE-2020-3244 | Med | 0.35 | 5.3 | 0.01 | Jun 18, 2020 | A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient… | ||
| CVE-2020-11913 | Med | 0.35 | 5.3 | 0.03 | Jun 17, 2020 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | ||
| CVE-2020-11911 | Med | 0.35 | 5.3 | 0.03 | Jun 17, 2020 | The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | ||
| CVE-2020-11910 | Med | 0.35 | 5.3 | 0.11 | Jun 17, 2020 | The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | ||
| CVE-2020-11909 | Med | 0.35 | 5.3 | 0.04 | Jun 17, 2020 | The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | ||
| CVE-2020-3339 | Med | 0.35 | 5.4 | 0.01 | Jun 3, 2020 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker… | ||
| CVE-2020-3333 | Med | 0.35 | 5.3 | 0.01 | Jun 3, 2020 | A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An… | ||
| CVE-2020-3233 | Med | 0.35 | 5.4 | 0.01 | Jun 3, 2020 | A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The… | ||
| CVE-2020-3315 | Med | 0.35 | 5.3 | 0.02 | May 6, 2020 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles… | ||
| CVE-2020-3307 | Med | 0.35 | 5.3 | 0.01 | May 6, 2020 | A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could… | ||
| CVE-2020-3188 | Med | 0.35 | 5.3 | 0.02 | May 6, 2020 | A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of… | ||
| CVE-2020-3186 | Med | 0.35 | 5.3 | 0.01 | May 6, 2020 | A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the… |
Page 73 of 143