Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2020-3472 · Med · Aug 17, 2020
    risk 0.33 · cvss 5.0 · epss 0.01

    A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An…

  • CVE-2019-1794 · Med · Apr 18, 2019
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a…

  • CVE-2019-1679 · Med · Feb 7, 2019
    risk 0.33 · cvss 5.0 · epss 0.02

    A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host.…

  • CVE-2017-12297 · Med · Nov 30, 2017
    risk 0.33 · cvss 5.0 · epss 0.01

    A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx…

  • CVE-2017-6774 · Med · Aug 17, 2017
    risk 0.33 · cvss 5.0 · epss 0.01

    A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within…

  • CVE-2017-6706 · Med · Jul 4, 2017
    risk 0.33 · cvss 5.1 · epss 0.00

    A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1.

  • CVE-2026-28967 · Med · May 11, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.

  • CVE-2026-20148 · Med · Apr 15, 2026
    risk 0.32 · cvss 4.9 · epss 0.09

    A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2026-20174 · Med · Apr 1, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could…

  • CVE-2026-20029 · Med · Jan 7, 2026
    risk 0.32 · cvss 4.9 · epss 0.06

    A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This…

  • CVE-2025-20345 · Med · Aug 20, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before…

  • CVE-2025-20131 · Med · Aug 20, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could…

  • CVE-2025-20130 · Med · Jun 4, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper…

  • CVE-2021-1461 · Med · Nov 18, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper…

  • CVE-2021-1470 · Med · Nov 15, 2024
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected…

  • CVE-2024-20352 · Med · Apr 3, 2024
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the…

  • CVE-2023-20194 · Med · Sep 7, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected…

  • CVE-2023-20207 · Med · Jul 12, 2023
    risk 0.32 · cvss 4.9 · epss 0.00

    A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An…

  • CVE-2023-20174 · Med · May 18, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these…

  • CVE-2023-20173 · Med · May 18, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these…

  • CVE-2023-20087 · Med · May 18, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input…

  • CVE-2023-20077 · Med · May 18, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input…

  • CVE-2023-20103 · Med · Apr 5, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this…

  • CVE-2023-20045 · Med · Jan 20, 2023
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to…

  • CVE-2022-20914 · Med · Aug 10, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker…

  • CVE-2022-20913 · Med · Jul 22, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with…

  • CVE-2022-20768 · Med · Jul 6, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain…

  • CVE-2022-20789 · Med · Apr 21, 2022
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected…

  • CVE-2021-40130 · Med · Nov 19, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An…

  • CVE-2021-40129 · Med · Nov 19, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded…

  • CVE-2021-34774 · Med · Nov 4, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect…

  • CVE-2021-34757 · Med · Oct 6, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the…

  • CVE-2021-34744 · Med · Oct 6, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the…

  • CVE-2021-1406 · Med · Apr 8, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due…

  • CVE-2020-26079 · Med · Nov 18, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this…

  • CVE-2020-3490 · Med · Aug 26, 2020
    risk 0.32 · cvss 4.9 · epss 0.03

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The…

  • CVE-2020-3450 · Med · Jul 16, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of…

  • CVE-2020-3242 · Med · Jun 18, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API…

  • CVE-2020-3223 · Med · Jun 3, 2020
    risk 0.32 · cvss 4.9 · epss 0.02

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope…

  • CVE-2020-3310 · Med · May 6, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An…

  • CVE-2020-3308 · Med · May 6, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due…

  • CVE-2020-3256 · Med · May 6, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an…

  • CVE-2020-3154 · Med · Feb 19, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could…

  • CVE-2019-15983 · Med · Jan 6, 2020
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on…

  • CVE-2019-12710 · Med · Oct 2, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary…

  • CVE-2019-12693 · Med · Oct 2, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable.…

  • CVE-2019-12691 · Med · Oct 2, 2019
    risk 0.32 · cvss 4.9 · epss 0.04

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the…

  • CVE-2019-1961 · Med · Aug 8, 2019
    risk 0.32 · cvss 4.9 · epss 0.02

    A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages…

  • CVE-2019-1830 · Med · Apr 18, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to…

  • CVE-2019-1698 · Med · Feb 21, 2019
    risk 0.32 · cvss 4.9 · epss 0.03

    A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper…
