Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2025-20251 · High · Aug 14, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying…

  • CVE-2018-0141 · High · Mar 8, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit…

  • CVE-2016-1340 · High · Apr 16, 2016
    risk 0.55 · cvss 8.4 · epss 0.00

    Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.

  • CVE-2026-20262 · Medium · KEV · Jun 15, 2026
    risk 0.54 · cvss 6.5 · epss 0.08

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does…

  • CVE-2026-20133 · Medium · KEV · Feb 25, 2026
    risk 0.54 · cvss 6.5 · epss 0.10

    A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could…

  • CVE-2025-20164 · High · May 7, 2025
    risk 0.54 · cvss 8.3 · epss 0.00

    A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker…

  • CVE-2022-20649 · High · Nov 15, 2024
    risk 0.54 · cvss 8.1 · epss 0.12

    A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because…

  • CVE-2018-0438 · High · Oct 5, 2018
    risk 0.54 · cvss 7.8 · epss 0.01

    A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to…

  • CVE-2018-0437 · High · Oct 5, 2018
    risk 0.54 · cvss 7.8 · epss 0.02

    A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to…

  • CVE-2017-12238 · Medium · KEV · Sep 29, 2017
    risk 0.54 · cvss 6.5 · epss 0.02

    A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of…

  • CVE-2017-12232 · Medium · KEV · Sep 29, 2017
    risk 0.54 · cvss 6.5 · epss 0.02

    A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service…

  • CVE-2017-6663 · Medium · KEV · Aug 7, 2017
    risk 0.54 · cvss 6.5 · epss 0.02

    A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information:…

  • CVE-2017-3813 · High · Feb 9, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient…

  • CVE-2016-6434 · High · Oct 6, 2016
    risk 0.54 · cvss 7.8 · epss 0.01

    Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.

  • CVE-2016-1464 · High · Sep 3, 2016
    risk 0.54 · cvss 7.8 · epss 0.10

    Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.

  • CVE-2015-6396 · High · Aug 8, 2016
    risk 0.54 · cvss 7.8 · epss 0.02

    The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.

  • CVE-2026-5944 · High · Apr 28, 2026
    risk 0.53 · cvss 8.2 · epss 0.01

    An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. …

  • CVE-2025-43480 · High · Nov 4, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.

  • CVE-2025-43323 · High · Nov 4, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.

  • CVE-2025-20160 · High · Sep 24, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check…

  • CVE-2025-31234 · High · May 12, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

  • CVE-2025-24180 · High · Mar 31, 2025
    risk 0.53 · cvss 8.1 · epss 0.01

    The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable…

  • CVE-2018-0464 · High · Oct 5, 2018
    risk 0.53 · cvss 8.1 · epss 0.05

    A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within…

  • CVE-2018-15372 · High · Oct 5, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3…

  • CVE-2018-0453 · High · Oct 5, 2018
    risk 0.53 · cvss 8.2 · epss 0.00

    A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower…

  • CVE-2018-0423 · High · Oct 5, 2018
    risk 0.53 · cvss 8.1 · epss 0.07

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or…

  • CVE-2018-0262 · High · May 2, 2018
    risk 0.53 · cvss 8.1 · epss 0.04

    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of…

  • CVE-2018-0161 · Medium · KEV · Mar 28, 2018
    risk 0.53 · cvss 6.3 · epss 0.05

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of…

  • CVE-2017-5828 · High · Feb 15, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2018-0110 · High · Jan 18, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not…

  • CVE-2017-12350 · High · Nov 16, 2017
    risk 0.53 · cvss 8.2 · epss 0.00

    A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an…

  • CVE-2017-12276 · High · Nov 2, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka…

  • CVE-2017-6710 · High · Aug 17, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF…

  • CVE-2017-6707 · High · Jul 6, 2017
    risk 0.53 · cvss 8.2 · epss 0.01

    A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the…

  • CVE-2012-5010 · High · Jun 27, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x…

  • CVE-2017-3852 · High · Mar 22, 2017
    risk 0.53 · cvss 8.1 · epss 0.03

    A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due…

  • CVE-2017-3837 · High · Feb 22, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.…

  • CVE-2016-6432 · High · Oct 27, 2016
    risk 0.53 · cvss 8.1 · epss 0.07

    A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area.…

  • CVE-2016-6380 · High · Oct 5, 2016
    risk 0.53 · cvss 8.1 · epss 0.03

    The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID…

  • CVE-2016-1482 · High · Sep 17, 2016
    risk 0.53 · cvss 8.1 · epss 0.04

    Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.

  • CVE-2016-6377 · High · Sep 3, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.

  • CVE-2016-1443 · High · Jul 7, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.

  • CVE-2016-1441 · High · Jul 3, 2016
    risk 0.53 · cvss 8.2 · epss 0.01

    Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.

  • CVE-2016-1419 · High · Jun 10, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.

  • CVE-2016-1290 · High · Apr 6, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka…

  • CVE-2014-2120 · Medium · KEV · Mar 19, 2014
    risk 0.53 · cvss 6.1 · epss 0.14

    Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.

  • CVE-2026-20155 · High · Apr 1, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to…

  • CVE-2025-24223 · High · May 12, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2017-6662 · High · Jun 26, 2017
    risk 0.52 · cvss 8.0 · epss 0.02

    A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code…

  • CVE-2015-0721 · High · Oct 6, 2016
    risk 0.52 · cvss 8.0 · epss 0.02

    Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an…

Page 9 of 145