Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,106 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20221 | Med | 0.34 | 5.3 | 0.00 | May 7, 2025 | A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An… | ||
| CVE-2025-20196 | Med | 0.34 | 5.3 | 0.00 | May 7, 2025 | A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)… | ||
| CVE-2025-20150 | Med | 0.34 | 5.3 | 0.00 | Apr 16, 2025 | A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication… | ||
| CVE-2020-3122 | Med | 0.34 | 5.3 | 0.00 | Mar 4, 2025 | A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information. | ||
| CVE-2019-1815 | Med | 0.34 | 5.3 | 0.00 | Mar 4, 2025 | A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The… | ||
| CVE-2024-20397 | Med | 0.34 | 5.2 | 0.00 | Dec 4, 2024 | A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This… | ||
| CVE-2024-20373 | Med | 0.34 | 5.3 | 0.01 | Nov 15, 2024 | A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it… | ||
| CVE-2024-20445 | Med | 0.34 | 5.3 | 0.00 | Nov 6, 2024 | A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage… | ||
| CVE-2024-20371 | Med | 0.34 | 5.3 | 0.00 | Nov 6, 2024 | A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL… | ||
| CVE-2024-20526 | Med | 0.34 | 5.3 | 0.00 | Oct 23, 2024 | A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH… | ||
| CVE-2024-20493 | Med | 0.34 | 5.3 | 0.01 | Oct 23, 2024 | A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user… | ||
| CVE-2024-20388 | Med | 0.34 | 5.3 | 0.00 | Oct 23, 2024 | A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update… | ||
| CVE-2024-20390 | Med | 0.34 | 5.3 | 0.00 | Sep 11, 2024 | A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.… | ||
| CVE-2024-20286 | Med | 0.34 | 5.3 | 0.00 | Aug 28, 2024 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient… | ||
| CVE-2024-20285 | Med | 0.34 | 5.3 | 0.00 | Aug 28, 2024 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient… | ||
| CVE-2024-20284 | Med | 0.34 | 5.3 | 0.00 | Aug 28, 2024 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient… | ||
| CVE-2024-20396 | Med | 0.34 | 5.3 | 0.00 | Jul 17, 2024 | A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could… | ||
| CVE-2024-20328 | Med | 0.34 | 5.3 | 0.85 | Mar 1, 2024 | A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by… | ||
| CVE-2023-20232 | Med | 0.34 | 5.3 | 0.00 | Aug 16, 2023 | A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP… | ||
| CVE-2023-20012 | Med | 0.34 | 5.3 | 0.00 | Feb 23, 2023 | A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the… | ||
| CVE-2022-20804 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2022 | A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected… | ||
| CVE-2021-1527 | Med | 0.34 | 5.3 | 0.01 | Jun 4, 2021 | A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of… | ||
| CVE-2019-15253 | Med | 0.34 | 4.8 | 0.03 | Feb 5, 2020 | A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected… | ||
| CVE-2019-16001 | Med | 0.34 | 5.3 | 0.00 | Nov 26, 2019 | A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the… | ||
| CVE-2019-12703 | Med | 0.34 | 5.2 | 0.00 | Oct 16, 2019 | A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based… | ||
| CVE-2019-1943 | Med | 0.34 | 4.7 | 0.11 | Jul 17, 2019 | A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP… | ||
| CVE-2019-1911 | Med | 0.34 | 5.3 | 0.00 | Jul 6, 2019 | A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could… | ||
| CVE-2019-1656 | Med | 0.34 | 5.3 | 0.00 | Jan 24, 2019 | A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the… | ||
| CVE-2018-0412 | Med | 0.34 | 5.3 | 0.00 | Aug 15, 2018 | A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to… | ||
| CVE-2017-6781 | Med | 0.34 | 5.3 | 0.00 | Aug 17, 2017 | A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The… | ||
| CVE-2017-3806 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2017 | A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information:… | ||
| CVE-2016-6375 | Med | 0.34 | 5.3 | 0.01 | Sep 12, 2016 | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic… | ||
| CVE-2007-4786 | Med | 0.34 | 5.3 | 0.01 | Sep 10, 2007 | Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to… | ||
| CVE-2025-20262 | Med | 0.33 | 5.0 | 0.00 | Aug 27, 2025 | A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process,… | ||
| CVE-2025-20112 | Med | 0.33 | 5.1 | 0.00 | May 21, 2025 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to… | ||
| CVE-2025-20161 | Med | 0.33 | 5.1 | 0.00 | Feb 26, 2025 | A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the… | ||
| CVE-2025-20117 | Med | 0.33 | 5.1 | 0.00 | Feb 26, 2025 | A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. … | ||
| CVE-2021-1464 | Med | 0.33 | 5.0 | 0.01 | Nov 15, 2024 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has… | ||
| CVE-2023-20091 | Med | 0.33 | 5.1 | 0.00 | Nov 15, 2024 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file… | ||
| CVE-2024-20355 | Med | 0.33 | 5.0 | 0.00 | May 22, 2024 | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a… | ||
| CVE-2024-20325 | Med | 0.33 | 5.1 | 0.00 | Feb 21, 2024 | A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access… | ||
| CVE-2023-20084 | Med | 0.33 | 5.0 | 0.00 | Nov 22, 2023 | A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An… | ||
| CVE-2023-20247 | Med | 0.33 | 5.0 | 0.00 | Nov 1, 2023 | A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect… | ||
| CVE-2023-20256 | Med | 0.33 | 5.0 | 0.01 | Nov 1, 2023 | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that… | ||
| CVE-2022-20676 | Med | 0.33 | 5.1 | 0.00 | Apr 15, 2022 | A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed… | ||
| CVE-2021-1517 | Med | 0.33 | 5.0 | 0.01 | Jun 4, 2021 | A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer… | ||
| CVE-2021-1281 | Med | 0.33 | 5.1 | 0.00 | Mar 24, 2021 | A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit… | ||
| CVE-2021-1391 | Med | 0.33 | 5.1 | 0.00 | Mar 24, 2021 | A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the… | ||
| CVE-2021-1390 | Med | 0.33 | 5.1 | 0.00 | Mar 24, 2021 | A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege… | ||
| CVE-2020-3423 | Med | 0.33 | 5.1 | 0.00 | Sep 24, 2020 | A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The… |
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.
- risk 0.34cvss 5.3epss 0.00
A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The…
- risk 0.34cvss 5.2epss 0.00
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This…
- risk 0.34cvss 5.3epss 0.01
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH…
- risk 0.34cvss 5.3epss 0.01
A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could…
- risk 0.34cvss 5.3epss 0.85
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected…
- risk 0.34cvss 5.3epss 0.01
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of…
- risk 0.34cvss 4.8epss 0.03
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the…
- risk 0.34cvss 5.2epss 0.00
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based…
- risk 0.34cvss 4.7epss 0.11
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The…
- risk 0.34cvss 5.3epss 0.00
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information:…
- risk 0.34cvss 5.3epss 0.01
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic…
- risk 0.34cvss 5.3epss 0.01
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to…
- risk 0.33cvss 5.0epss 0.00
A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process,…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …
- risk 0.33cvss 5.0epss 0.01
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file…
- risk 0.33cvss 5.0epss 0.00
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access…
- risk 0.33cvss 5.0epss 0.00
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An…
- risk 0.33cvss 5.0epss 0.00
A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect…
- risk 0.33cvss 5.0epss 0.01
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed…
- risk 0.33cvss 5.0epss 0.01
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege…
- risk 0.33cvss 5.1epss 0.00
A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The…
Page 78 of 143