Cisco Systems, Inc.

All CVEs

7,133 total · sorted by risk
  • CVE-2018-0149 · Med · Jun 7, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting…

  • CVE-2018-0247 · Med · May 2, 2018
    risk 0.31 · cvss 4.7 · epss 0.01

    A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to…

  • CVE-2018-0119 · Med · Feb 8, 2018
    risk 0.31 · cvss 4.7 · epss 0.01

    A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display…

  • CVE-2017-12345 · Med · Nov 30, 2017
    risk 0.31 · cvss 4.7 · epss 0.01

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-3803 · Med · Jan 26, 2017
    risk 0.31 · cvss 4.7 · epss 0.01

    A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More…

  • CVE-2026-20661 · Med · Feb 11, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20645 · Med · Feb 11, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20605 · Med · Feb 11, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.

  • CVE-2025-20199 · Med · May 7, 2025
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20198 · Med · May 7, 2025
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20208 · Med · Mar 5, 2025
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input…

  • CVE-2020-3538 · Med · Nov 18, 2024
    risk 0.30 · cvss 4.6 · epss 0.01

    A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction…

  • CVE-2023-20097 · Med · Mar 23, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to…

  • CVE-2023-20064 · Med · Mar 9, 2023
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion…

  • CVE-2022-20864 · Med · Oct 10, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem…

  • CVE-2022-20731 · Med · Apr 15, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service…

  • CVE-2022-20661 · Med · Apr 15, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service…

  • CVE-2022-20660 · Med · Jan 14, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on…

  • CVE-2021-1135 · Med · Jan 20, 2021
    risk 0.30 · cvss 4.6 · epss 0.01

    Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of…

  • CVE-2021-1255 · Med · Jan 20, 2021
    risk 0.30 · cvss 4.6 · epss 0.01

    Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of…

  • CVE-2021-1133 · Med · Jan 20, 2021
    risk 0.30 · cvss 4.6 · epss 0.01

    Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of…

  • CVE-2019-1632 · Med · Jun 20, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due…

  • CVE-2019-1589 · Med · May 3, 2019
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an…

  • CVE-2019-1586 · Med · May 3, 2019
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption…

  • CVE-2019-1677 · Med · Feb 7, 2019
    risk 0.30 · cvss 4.6 · epss 0.00

    A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit…

  • CVE-2018-0483 · Med · Jan 10, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected…

  • CVE-2026-20037 · Med · Feb 25, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary…

  • CVE-2026-20609 · Med · Feb 11, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may…

  • CVE-2025-20292 · Med · Aug 27, 2025
    risk 0.29 · cvss 4.4 · epss 0.03

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the…

  • CVE-2025-20118 · Med · Feb 26, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2025-20158 · Med · Feb 19, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative…

  • CVE-2023-20093 · Med · Nov 15, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the…

  • CVE-2023-20092 · Med · Nov 15, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the…

  • CVE-2023-20004 · Med · Nov 15, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the…

  • CVE-2024-20289 · Med · Aug 28, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for…

  • CVE-2024-20292 · Med · Mar 6, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted…

  • CVE-2023-20234 · Med · Aug 23, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a…

  • CVE-2023-20216 · Med · Aug 3, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An…

  • CVE-2023-20098 · Med · May 9, 2023
    risk 0.29 · cvss 4.4 · epss 0.01

    A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with…

  • CVE-2023-20029 · Med · Mar 23, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected…

  • CVE-2023-20050 · Med · Feb 23, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific…

  • CVE-2023-20008 · Med · Jan 20, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local…

  • CVE-2023-20002 · Med · Jan 20, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker…

  • CVE-2022-20734 · Med · May 4, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit…

  • CVE-2022-20729 · Med · May 3, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including…

  • CVE-2022-20630 · Med · Feb 10, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative…

  • CVE-2021-34761 · Med · Oct 27, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is…

  • CVE-2021-34758 · Med · Oct 6, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is…

  • CVE-2021-1583 · Med · Aug 25, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is…

  • CVE-2021-1306 · Med · May 22, 2021
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system.…
