VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,102 total · sorted by risk
  • CVE-2020-3185 · Med · Mar 4, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to…

  • CVE-2020-3164 · Med · Mar 4, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an…

  • CVE-2020-3157 · Med · Mar 4, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient…

  • CVE-2020-3170 · Med · Feb 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API.…

  • CVE-2020-3160 · Med · Feb 19, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and…

  • CVE-2020-3113 · Med · Feb 19, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to…

  • CVE-2020-3139 · Med · Jan 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be…

  • CVE-2019-16008 · Med · Jan 26, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The…

  • CVE-2019-16003 · Med · Jan 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management…

  • CVE-2019-15998 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a…

  • CVE-2019-15990 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP…

  • CVE-2019-15988 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input…

  • CVE-2019-15987 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA…

  • CVE-2019-15968 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…

  • CVE-2019-15960 · Med · Nov 26, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator.…

  • CVE-2019-1982 · Med · Nov 5, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The…

  • CVE-2019-1980 · Med · Nov 5, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The…

  • CVE-2019-15282 · Med · Oct 16, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device. The vulnerability is due to an issue in the authentication logic of the…

  • CVE-2019-15270 · Med · Oct 16, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to…

  • CVE-2019-12702 · Med · Oct 16, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the…

  • CVE-2019-12638 · Med · Oct 16, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to…

  • CVE-2019-12637 · Med · Oct 16, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to…

  • CVE-2019-12620 · Med · Sep 18, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An…

  • CVE-2019-1969 · Med · Aug 30, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP…

  • CVE-2019-1922 · Med · Jul 6, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session…

  • CVE-2019-1899 · Med · Jun 20, 2019
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An…

  • CVE-2019-1897 · Med · Jun 20, 2019
    risk 0.35 · cvss 5.3 · epss 0.04

    A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper…

  • CVE-2019-1631 · Med · Jun 20, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection…

  • CVE-2019-1629 · Med · Jun 20, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily…

  • CVE-2019-1882 · Med · Jun 5, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit…

  • CVE-2019-1872 · Med · Jun 5, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on…

  • CVE-2019-1842 · Med · Jun 5, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when…

  • CVE-2019-1733 · Med · May 15, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to…

  • CVE-2019-1844 · Med · May 3, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content…

  • CVE-2019-1838 · Med · May 3, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…

  • CVE-2019-1715 · Med · May 3, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to…

  • CVE-2019-1705 · Med · May 3, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with…

  • CVE-2019-1692 · Med · May 3, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection…

  • CVE-2019-1837 · Med · Apr 18, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input…

  • CVE-2019-1777 · Med · Apr 18, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of…

  • CVE-2019-1711 · Med · Apr 17, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker…

  • CVE-2018-0382 · Med · Apr 17, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists…

  • CVE-2019-1759 · Med · Mar 28, 2019
    risk 0.35 · cvss 5.3 · epss 0.04

    A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability…

  • CVE-2019-1742 · Med · Mar 28, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by…

  • CVE-2019-1707 · Med · Mar 11, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to…

  • CVE-2019-1666 · Med · Feb 21, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by…

  • CVE-2019-1673 · Med · Feb 8, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input…

  • CVE-2019-1660 · Med · Feb 7, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and…

  • CVE-2018-15466 · Med · Jan 11, 2019
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS…

  • CVE-2018-15458 · Med · Jan 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.…
