Cisco Systems, Inc.

All CVEs

7,241 total · sorted by risk
  • CVE-2024-20465 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect…

  • CVE-2024-20510 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before…

  • CVE-2024-20464 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received…

  • CVE-2024-20480 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition…

  • CVE-2024-20437 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to…

  • CVE-2024-20436 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer…

  • CVE-2024-20433 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This…

  • CVE-2024-20475 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists…

  • CVE-2024-20508 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected…

  • CVE-2024-20350 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could…

  • CVE-2024-20455 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. …

  • CVE-2024-20430 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged…

  • CVE-2024-20304 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle…

  • CVE-2024-20489 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the…

  • CVE-2024-20483 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the…

  • CVE-2024-20406 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

  • CVE-2024-20381 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote…

  • CVE-2024-20317 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service…

  • CVE-2024-20398 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are…

  • CVE-2024-20390 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.…

  • CVE-2024-20343 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to…

  • CVE-2024-20506 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local…

  • CVE-2024-20505 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote…

  • CVE-2024-20497 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could…

  • CVE-2024-20503 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could…

  • CVE-2024-20469 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must…

  • CVE-2024-20284 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20285 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20286 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient…

  • CVE-2024-20478 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a…

  • CVE-2024-20279 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an…

  • CVE-2024-20417 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An…

  • CVE-2024-20466 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege…

  • CVE-2024-20486 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due…

  • CVE-2024-20488 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…

  • CVE-2024-20375 · Aug 21, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2024-20451 · Aug 7, 2024
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These…

  • CVE-2024-20479 · Aug 7, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management…

  • CVE-2024-20443 · Aug 7, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management…

  • CVE-2024-20396 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could…

  • CVE-2024-20395 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses…

  • CVE-2024-20400 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

  • CVE-2024-20429 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain…

  • CVE-2024-20323 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to…

  • CVE-2024-20296 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin…

  • CVE-2024-20435 · Jul 17, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker…

  • CVE-2024-20456 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have…

  • CVE-2024-20405 · Jun 5, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific…

  • CVE-2024-20360 · May 22, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface…

  • CVE-2024-20293 · May 22, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on…
