VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2025-20221 · Med · May 7, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An…

  • CVE-2025-20196 · Med · May 7, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)…

  • CVE-2025-20150 · Med · Apr 16, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication…

  • CVE-2020-3122 · Med · Mar 4, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.

  • CVE-2019-1815 · Med · Mar 4, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The…

  • CVE-2024-20397 · Med · Dec 4, 2024
    risk 0.34 · cvss 5.2 · epss 0.00

    A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This…

  • CVE-2024-20373 · Med · Nov 15, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it…

  • CVE-2024-20445 · Med · Nov 6, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage…

  • CVE-2024-20371 · Med · Nov 6, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL…

  • CVE-2024-20526 · Med · Oct 23, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH…

  • CVE-2024-20493 · Med · Oct 23, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user…

  • CVE-2024-20388 · Med · Oct 23, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update…

  • CVE-2024-20390 · Med · Sep 11, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.…

  • CVE-2024-20286 · Med · Aug 28, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20285 · Med · Aug 28, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20284 · Med · Aug 28, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20396 · Med · Jul 17, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could…

  • CVE-2024-20328 · Med · Mar 1, 2024
    risk 0.34 · cvss 5.3 · epss 0.85

    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by…

  • CVE-2023-20232 · Med · Aug 16, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP…

  • CVE-2023-20012 · Med · Feb 23, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the…

  • CVE-2022-20804 · Med · Apr 21, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected…

  • CVE-2021-1527 · Med · Jun 4, 2021
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of…

  • CVE-2019-15253 · Med · Feb 5, 2020
    risk 0.34 · cvss 4.8 · epss 0.03

    A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…

  • CVE-2019-16001 · Med · Nov 26, 2019
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the…

  • CVE-2019-12703 · Med · Oct 16, 2019
    risk 0.34 · cvss 5.2 · epss 0.00

    A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based…

  • CVE-2019-1943 · Med · Jul 17, 2019
    risk 0.34 · cvss 4.7 · epss 0.11

    A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP…

  • CVE-2019-1911 · Med · Jul 6, 2019
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could…

  • CVE-2019-1656 · Med · Jan 24, 2019
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the…

  • CVE-2018-0412 · Med · Aug 15, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to…

  • CVE-2017-6781 · Med · Aug 17, 2017
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The…

  • CVE-2017-3806 · Med · Feb 3, 2017
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information:…

  • CVE-2016-6375 · Med · Sep 12, 2016
    risk 0.34 · cvss 5.3 · epss 0.01

    Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic…

  • CVE-2007-4786 · Med · Sep 10, 2007
    risk 0.34 · cvss 5.3 · epss 0.01

    Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to…

  • CVE-2025-20262 · Med · Aug 27, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process,…

  • CVE-2025-20112 · Med · May 21, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to…

  • CVE-2025-20161 · Med · Feb 26, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the…

  • CVE-2025-20117 · Med · Feb 26, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2021-1464 · Med · Nov 15, 2024
    risk 0.33 · cvss 5.0 · epss 0.01

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has…

  • CVE-2023-20091 · Med · Nov 15, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file…

  • CVE-2024-20355 · Med · May 22, 2024
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a…

  • CVE-2024-20325 · Med · Feb 21, 2024
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access…

  • CVE-2023-20084 · Med · Nov 22, 2023
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An…

  • CVE-2023-20247 · Med · Nov 1, 2023
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect…

  • CVE-2023-20256 · Med · Nov 1, 2023
    risk 0.33 · cvss 5.0 · epss 0.01

    Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that…

  • CVE-2022-20676 · Med · Apr 15, 2022
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed…

  • CVE-2021-1517 · Med · Jun 4, 2021
    risk 0.33 · cvss 5.0 · epss 0.01

    A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer…

  • CVE-2021-1281 · Med · Mar 24, 2021
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit…

  • CVE-2021-1391 · Med · Mar 24, 2021
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the…

  • CVE-2021-1390 · Med · Mar 24, 2021
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege…

  • CVE-2020-3423 · Med · Sep 24, 2020
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The…

Page 78 of 143