Cisco Systems, Inc.

All CVEs

7,103 total · sorted by risk
  • CVE-2017-12269 · Med · Oct 5, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker…

  • CVE-2017-12267 · Med · Oct 5, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial…

  • CVE-2017-12264 · Med · Oct 5, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit…

  • CVE-2017-12250 · Med · Sep 21, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The…

  • CVE-2017-12227 · Med · Sep 7, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection…

  • CVE-2017-12221 · Med · Sep 7, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient…

  • CVE-2017-12217 · Med · Sep 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected…

  • CVE-2017-12211 · Med · Sep 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker…

  • CVE-2017-6784 · Med · Aug 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The…

  • CVE-2017-6782 · Med · Aug 17, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the…

  • CVE-2017-6769 · Med · Aug 7, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information:…

  • CVE-2017-6764 · Med · Aug 7, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2017-9491 · Med · Jul 31, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…

  • CVE-2017-6749 · Med · Jul 25, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected…

  • CVE-2017-6734 · Med · Jul 10, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest…

  • CVE-2017-6730 · Med · Jul 10, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following…

  • CVE-2017-6727 · Med · Jul 10, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core…

  • CVE-2017-6721 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information:…

  • CVE-2017-6717 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known…

  • CVE-2017-6716 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower…

  • CVE-2017-6715 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and…

  • CVE-2017-6698 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL…

  • CVE-2017-6605 · Med · Jul 4, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More…

  • CVE-2017-6647 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently…

  • CVE-2017-6646 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect…

  • CVE-2017-6645 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not…

  • CVE-2017-6644 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect…

  • CVE-2017-6643 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not…

  • CVE-2017-6642 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect…

  • CVE-2017-6630 · Med · May 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit…

  • CVE-2017-6629 · Med · May 3, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP…

  • CVE-2017-6626 · Med · May 3, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the…

  • CVE-2017-6624 · Med · May 3, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected…

  • CVE-2017-6618 · Med · Apr 20, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected…

  • CVE-2017-6617 · Med · Apr 20, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists…

  • CVE-2017-6599 · Med · Apr 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS)…

  • CVE-2017-3888 · Med · Apr 7, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This…

  • CVE-2016-9195 · Med · Apr 7, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects…

  • CVE-2017-3879 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail.…

  • CVE-2017-3878 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt…

  • CVE-2017-3875 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected…

  • CVE-2017-3874 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases:…

  • CVE-2017-3869 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known…

  • CVE-2017-3867 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP…

  • CVE-2017-3815 · Med · Mar 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a…

  • CVE-2017-3847 · Med · Feb 22, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1.

  • CVE-2017-3842 · Med · Feb 22, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected…

  • CVE-2017-3822 · Med · Feb 3, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software…

  • CVE-2017-3810 · Med · Feb 3, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.

  • CVE-2017-3805 · Med · Jan 26, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco…
