Cisco
Monthly
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code executed in users' browsers via insufficient input validation. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco UCS E-Series Software. Requires administrative privileges and user interaction (clicking a crafted link), resulting in session hijacking, credential theft, or unauthorized access to sensitive browser-based information. No public exploit code identified at time of analysis.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject persistent malicious scripts that execute in other users' browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series. No public exploit code or active exploitation confirmed; patch availability not independently verified from provided data.
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code via insufficient input validation. Attackers with admin privileges can craft malicious links that execute JavaScript in the browsers of other users accessing the interface, potentially compromising session security, stealing credentials, or accessing sensitive information. No public exploit code or active exploitation has been confirmed; the vulnerability requires administrator privileges and user interaction to trigger.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject malicious script code that executes in the browsers of other users accessing the interface. An attacker with administrative credentials can exploit insufficient input validation by crafting a malicious link and tricking a user into clicking it, enabling arbitrary script execution or theft of sensitive browser-based information. No public exploit code or active exploitation has been identified at time of analysis.
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.
Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. This vulnerability affects Cisco Nexus Dashboard and Nexus Dashboard Insights deployments, particularly those using manual metadata uploads in air-gap environments. CVSS score of 4.9 reflects the requirement for high-privilege authentication, though the integrity impact is rated as high given the ability to write files as root.
Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.
Command injection in Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation confirmed at time of analysis, but the high-privileged context and root-level impact necessitate swift patching.
Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.
Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.
Command injection in Cisco IMC web-based management interface allows authenticated remote attackers with admin-level privileges to execute arbitrary commands as root. The vulnerability stems from improper input validation in the web interface, enabling attackers to inject crafted commands that execute on the underlying operating system with elevated privileges. While the CVSS score is 6.5 (Medium), Cisco assigned a High Security Impact Rating due to the root-level code execution capability and potential for post-compromise lateral movement or system takeover.
Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.
Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.
Server-side request forgery in Cisco Nexus Dashboard and Nexus Dashboard Insights allows unauthenticated remote attackers to conduct SSRF attacks by tricking authenticated users into clicking malicious links, enabling arbitrary network requests from the affected device and potential execution of arbitrary script code or access to sensitive browser data. CVSS 6.1 with no public exploit or active exploitation confirmed at time of analysis.
Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.
Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.
A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. This vulnerability requires valid administrative credentials and user interaction but poses a significant risk in multi-administrator environments where privilege escalation or lateral movement could occur.
A CRLF injection vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software that allows unauthenticated remote attackers to inject arbitrary log entries and manipulate log file structure. The vulnerability stems from insufficient input validation in the Cisco IOx management interface and affects a broad range of Cisco IOS XE Software versions from 16.6.1 through 17.18.1x. A successful exploit enables attackers to obscure legitimate log events, inject malicious log entries, or corrupt log file integrity without requiring authentication, making it particularly dangerous in environments where log analysis is relied upon for security monitoring and compliance.
Insufficient parameter validation in Cisco IOS XE Software's Lobby Ambassador management API allows authenticated remote attackers to bypass access controls and create unauthorized administrative accounts. An attacker with standard Lobby Ambassador credentials can exploit this flaw to escalate privileges and gain full management API access on affected devices. This impacts Cisco and Apple products and currently has no available patch.
Cisco Meraki devices running vulnerable IOS XE Software transmit configuration data over unencrypted channels, enabling remote attackers to intercept sensitive device information through on-path attacks. The vulnerability requires user interaction and network proximity but carries no patch availability, leaving affected organizations exposed until remediation is implemented. This affects both Cisco and Apple products integrating the vulnerable software.
Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.
Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.
This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.
Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.
HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.
A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.
This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.
Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability.
Network interface denial of service in Cisco IOS XR on NCS 5500/5700 routers allows unauthenticated remote attackers to disable packet processing by sending crafted traffic that triggers EPNI Aligner interrupt corruption during heavy transit conditions. Successful exploitation causes the network processing unit and ASIC to stop functioning, rendering affected interfaces unable to forward traffic. No patch is currently available for this medium-severity vulnerability.
Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.
Unauthenticated attackers can inject malicious scripts into the web management interfaces of multiple Cisco contact center products (Finesse, Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center) due to insufficient input validation. Successful exploitation allows arbitrary script execution in the victim's browser context, potentially enabling session hijacking or credential theft from administrators. No patch is currently available for this cross-site scripting vulnerability.
Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.
Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.
Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability.
Cisco Secure Firewall Threat Defense (FTD) devices can be forcibly rebooted by authenticated local attackers through improper input validation in CLI commands, resulting in denial of service. This vulnerability affects low-privileged accounts and requires no user interaction to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and Secure FTD devices results from improper validation of OSPF link-state update packets, allowing authenticated adjacent attackers with the OSPF secret key to trigger heap corruption and forced device reloads. An attacker can exploit this by crafting malicious OSPF packets to crash affected devices, causing service disruption. No patch is currently available for this vulnerability.
OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).
Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.
Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.
Memory exhaustion in Cisco ASA and FTD OSPF protocol implementation allows adjacent authenticated attackers to trigger denial of service by sending specially crafted packets that bypass input validation. An attacker with network access to the affected device can exploit improper packet parsing to consume available memory and crash the appliance. No patch is currently available for this vulnerability.
Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.
Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system with root-level privileges (CVSS 6.0).
Cisco Webex is vulnerable to reflected cross-site scripting (XSS) attacks due to insufficient input validation, allowing unauthenticated attackers to inject malicious scripts by tricking users into clicking crafted links. Successful exploitation could enable attackers to steal session tokens, redirect users, or perform actions on behalf of targeted victims. Although Cisco has released a fix, no patch is currently available for this MEDIUM severity vulnerability.
Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.
Unauthenticated remote attackers can trigger memory exhaustion on Cisco ASA and FTD devices by sending specially crafted packets to the SSL VPN service, exploiting insufficient input validation in the Remote Access SSL VPN, HTTP management, and MUS functionality. Successful exploitation causes a denial of service condition that requires manual device reboot. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN functionality allows authenticated attackers to exhaust device memory by sending specially crafted packets, forcing a device reload. The vulnerability stems from insufficient input validation on user-supplied data and requires valid VPN credentials to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN allows unauthenticated remote attackers to exhaust device memory through malformed packets, causing the VPN service to become unresponsive. The vulnerability stems from insufficient input validation on the SSL VPN server and currently has no available patch. While the management interface remains accessible, new VPN connections cannot be established during an attack.
Reflected XSS in Cisco Secure Firewall ASA and FTD SAML 2.0 authentication allows unauthenticated attackers to steal sensitive browser-based information by tricking users into clicking malicious links. The vulnerability stems from inadequate input validation of HTTP parameters in the SSO feature and requires user interaction to exploit. No patch is currently available.
Cisco Secure Firewall ASA and Secure FTD devices can be remotely rebooted by unauthenticated attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. The vulnerability has a high attack surface as it requires no authentication or user interaction and affects the device's core authentication mechanism. No patch is currently available.
Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).
Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability.
Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.
Unauthenticated remote attackers can bypass firewall access controls on Cisco Secure Firewall ASA and FTD devices by exploiting improper error handling during cluster memory exhaustion when syncing security rules. This allows attackers to send traffic that should be blocked through affected devices to reach protected networks. No patch is currently available.
Cross-site scripting (XSS) in the VPN web services component of Cisco Secure Firewall ASA and FTD allows unauthenticated remote attackers to inject malicious scripts that execute in a user's browser when visiting a crafted link. An attacker can exploit this through improper input validation to execute arbitrary HTML or JavaScript in the context of the VPN web server. No patch is currently available for this medium-severity vulnerability.
Cisco Secure Firewall ASA and FTD devices with VPN web services enabled are vulnerable to cross-site request forgery (CSRF) attacks due to insufficient HTTP request validation. An attacker can trick users into visiting a malicious website that sends crafted requests to the affected appliance, potentially allowing injection of malicious content reflected back to the victim's browser. No patch is currently available for this vulnerability.
Snort 3 detection engine contains a vulnerability that allows attackers to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts (CVSS 5.8).
Unauthenticated remote attackers can crash the Snort 3 Detection Engine by sending crafted HTTP packets with malformed Multicast DNS fields, causing a denial of service that interrupts packet inspection across multiple Cisco products. The vulnerability stems from incomplete error checking in HTTP header parsing and requires no authentication or user interaction to trigger. No patch is currently available for this MEDIUM severity issue.
Cisco Snort 3 Detection Engine can be remotely restarted by an unauthenticated attacker through crafted HTTP packets exploiting improper JavaScript normalization in the JSTokenizer logic, causing a denial of service condition that interrupts packet inspection. The vulnerability requires the JSTokenizer feature to be enabled and can be triggered via an established network connection without authentication. No patch is currently available.
Snort 3 Detection Engine in multiple Cisco products can be remotely restarted by unauthenticated attackers through crafted packets sent over established connections, due to improper binder module initialization logic. This denial-of-service vulnerability interrupts packet inspection capabilities and can be triggered without authentication or user interaction. No patch is currently available for this medium-severity flaw.
CLI of Cisco Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system as root (CVSS 6.0).
Cisco Secure Firewall ASA in multi-context mode contains an access control bypass in SCP operations that allows authenticated local administrators of one context to read, modify, or create files in other contexts, including sensitive admin and system configuration files. The vulnerability stems from improper validation of cross-context file access when the CiscoSSH stack is enabled. No patch is currently available for this high-severity flaw.
Snort 3 Detection Engine crashes when processing malformed VBA data due to improper decompression error handling, allowing unauthenticated remote attackers to trigger denial-of-service conditions across multiple Cisco products. An attacker can exploit this vulnerability by sending crafted VBA payloads to cause unexpected engine restarts without requiring authentication or user interaction. No patch is currently available for this medium-severity flaw.
Denial of service in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to crash the detection engine by sending maliciously crafted VBA data. The vulnerability stems from insufficient error checking during VBA data processing, enabling attackers to trigger unexpected restarts of the Snort 3 Detection Engine. No patch is currently available for this medium-severity issue affecting multiple Cisco products.
Improper error checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger an infinite loop by sending specially crafted VBA data, causing a denial of service condition. The vulnerability affects multiple Cisco products and requires no user interaction or authentication to exploit. No patch is currently available.
Improper range checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger a heap buffer overflow by sending crafted VBA data, causing denial of service. The vulnerability affects multiple Cisco products and requires no authentication or user interaction to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall Threat Defense via crafted SSL packets allows unauthenticated remote attackers to crash the Snort 3 Detection Engine through a memory management logic error during SSL inspection. An attacker can exploit this vulnerability by sending malicious SSL packets through an established connection, forcing the detection engine to unexpectedly restart and interrupt security monitoring. No patch is currently available for this medium-severity issue.
Device reloads in Cisco Secure Firewall Threat Defense can be triggered by unauthenticated remote attackers sending specially crafted TLS 1.2 traffic through the SSL decryption feature, exploiting improper memory management in the Do Not Decrypt exclusion logic. The vulnerability requires specific network conditions and TLS 1.2 traffic to trigger, resulting in denial of service with no authentication required. No patch is currently available for this medium-severity issue affecting Cisco and TLS implementations.
Denial of service in Cisco ASA and FTD devices processing GCM-encrypted IKEv2 IPsec traffic results from inadequate memory allocation, allowing authenticated remote attackers to trigger device reloads by sending specially crafted encrypted packets. An attacker with valid VPN credentials can exploit this vulnerability to render affected firewalls unavailable. No patch is currently available.
Cisco Secure Firewall Management Center lockdown bypass allows authenticated local administrators to execute arbitrary commands as root by sending crafted CLI input that exploits insufficient restrictions on remediation modules. An attacker with valid admin credentials can circumvent lockdown protections to achieve full system compromise. No patch is currently available.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available.
Unauthenticated remote attackers with admin credentials can exploit insufficient path validation in Cisco Secure Firewall Management Center and Threat Defense sftunnel functionality to write arbitrary files with root privileges on the underlying operating system. By crafting malicious directory paths during file synchronization, an attacker could create or overwrite critical system files. No patch is currently available for this vulnerability.
Insufficient input validation in Cisco Secure FTD Software's CLI allows authenticated local administrators to execute arbitrary commands with root privileges by submitting specially crafted arguments to specific commands. An attacker with valid administrative credentials can exploit this to gain complete control over the underlying operating system. No patch is currently available.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and Secure FTD devices by sending specially crafted IKEv2 packets that trigger a memory leak in the IKEv2 parser. Exploitation exhausts system resources and forces manual device reboot to restore availability. No patch is currently available.
Memory exhaustion in Cisco Secure Firewall ASA and FTD IKEv2 implementations allows authenticated remote attackers with valid VPN credentials to trigger device reloads by sending crafted packets, disrupting firewall availability and downstream network services. The vulnerability stems from improper IKEv2 packet processing that fails to constrain memory allocation. No patch is currently available.
Unauthenticated remote attackers can trigger denial-of-service conditions in Cisco Secure Firewall ASA and Secure FTD Software by sending specially crafted IKEv2 packets that cause memory exhaustion due to improper memory management. A successful attack forces manual device reloads and can degrade network services across connected systems. No patch is currently available for this vulnerability.
Unauthenticated SSH authentication bypass in Cisco Secure Firewall ASA allows remote attackers to log in as arbitrary users by exploiting insufficient input validation during the SSH key authentication phase, requiring only knowledge of a valid username and its associated public key. This vulnerability enables attackers to execute arbitrary commands on affected ASA devices with the privileges of the compromised user account. No patch is currently available.
Insufficient input sanitization in select CLI commands on Cisco Secure Firewall ASA and FTD Software allows authenticated local administrators to execute arbitrary code as root by injecting malicious Lua code. An attacker with valid administrator credentials can craft specially formatted parameters to achieve code execution with elevated privileges. No patch is currently available.
Snort rule bypass in Cisco Secure Firewall Threat Defense allows unauthenticated remote attackers to evade deep packet inspection through crafted traffic that exploits logic errors in inner and outer connection rule evaluation. An attacker can send specially crafted packets that trigger different Snort rules than intended, permitting malicious traffic through the firewall that should be blocked. No patch is currently available for this medium-severity vulnerability.
Cisco Secure Firewall Threat Defense (FTD) Software is vulnerable to denial of service through improper TLS protocol implementation in the Snort 3 Detection Engine, allowing unauthenticated remote attackers to trigger unexpected restarts by sending crafted TLS packets. Successful exploitation causes the affected device to drop network traffic, creating a DoS condition affecting TLS versions prior to 1.3. No patch is currently available.
SQL injection in Cisco Secure FMC REST API allows authenticated users with administrative roles to extract sensitive database contents and read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials but posing significant risk to organizations using affected systems. No patch is currently available.
Unauthenticated SQL injection in Cisco Secure FMC's web management interface allows authenticated attackers to manipulate database queries and extract sensitive data or read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials to exploit. No patch is currently available.
SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.
Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).
Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability.
Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to access another affected system and gain DCA user privileges (CVSS 7.5).
Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user priv (CVSS 5.4).
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code executed in users' browsers via insufficient input validation. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco UCS E-Series Software. Requires administrative privileges and user interaction (clicking a crafted link), resulting in session hijacking, credential theft, or unauthorized access to sensitive browser-based information. No public exploit code identified at time of analysis.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject persistent malicious scripts that execute in other users' browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series. No public exploit code or active exploitation confirmed; patch availability not independently verified from provided data.
Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code via insufficient input validation. Attackers with admin privileges can craft malicious links that execute JavaScript in the browsers of other users accessing the interface, potentially compromising session security, stealing credentials, or accessing sensitive information. No public exploit code or active exploitation has been confirmed; the vulnerability requires administrator privileges and user interaction to trigger.
Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject malicious script code that executes in the browsers of other users accessing the interface. An attacker with administrative credentials can exploit insufficient input validation by crafting a malicious link and tricking a user into clicking it, enabling arbitrary script execution or theft of sensitive browser-based information. No public exploit code or active exploitation has been identified at time of analysis.
Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.
Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. This vulnerability affects Cisco Nexus Dashboard and Nexus Dashboard Insights deployments, particularly those using manual metadata uploads in air-gap environments. CVSS score of 4.9 reflects the requirement for high-privilege authentication, though the integrity impact is rated as high given the ability to write files as root.
Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).
Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.
Command injection in Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation confirmed at time of analysis, but the high-privileged context and root-level impact necessitate swift patching.
Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.
Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.
Command injection in Cisco IMC web-based management interface allows authenticated remote attackers with admin-level privileges to execute arbitrary commands as root. The vulnerability stems from improper input validation in the web interface, enabling attackers to inject crafted commands that execute on the underlying operating system with elevated privileges. While the CVSS score is 6.5 (Medium), Cisco assigned a High Security Impact Rating due to the root-level code execution capability and potential for post-compromise lateral movement or system takeover.
Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.
Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.
Server-side request forgery in Cisco Nexus Dashboard and Nexus Dashboard Insights allows unauthenticated remote attackers to conduct SSRF attacks by tricking authenticated users into clicking malicious links, enabling arbitrary network requests from the affected device and potential execution of arbitrary script code or access to sensitive browser data. CVSS 6.1 with no public exploit or active exploitation confirmed at time of analysis.
Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.
Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.
A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. This vulnerability requires valid administrative credentials and user interaction but poses a significant risk in multi-administrator environments where privilege escalation or lateral movement could occur.
A CRLF injection vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software that allows unauthenticated remote attackers to inject arbitrary log entries and manipulate log file structure. The vulnerability stems from insufficient input validation in the Cisco IOx management interface and affects a broad range of Cisco IOS XE Software versions from 16.6.1 through 17.18.1x. A successful exploit enables attackers to obscure legitimate log events, inject malicious log entries, or corrupt log file integrity without requiring authentication, making it particularly dangerous in environments where log analysis is relied upon for security monitoring and compliance.
Insufficient parameter validation in Cisco IOS XE Software's Lobby Ambassador management API allows authenticated remote attackers to bypass access controls and create unauthorized administrative accounts. An attacker with standard Lobby Ambassador credentials can exploit this flaw to escalate privileges and gain full management API access on affected devices. This impacts Cisco and Apple products and currently has no available patch.
Cisco Meraki devices running vulnerable IOS XE Software transmit configuration data over unencrypted channels, enabling remote attackers to intercept sensitive device information through on-path attacks. The vulnerability requires user interaction and network proximity but carries no patch availability, leaving affected organizations exposed until remediation is implemented. This affects both Cisco and Apple products integrating the vulnerable software.
Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.
Insufficient privilege validation on the start maintenance command in Cisco IOS XE Software enables authenticated local attackers to trigger a denial of service by placing devices into maintenance mode, which disables network interfaces. Low-privileged users can exploit this via CLI access without administrative credentials. Device recovery requires administrator intervention using the stop maintenance command.
This vulnerability in Cisco IOS XE Software bootloader affects Catalyst 9200, ESS9300, IE9310/9320, and IE3500/3505 series switches, allowing authenticated local attackers with level-15 privileges or unauthenticated attackers with physical access to execute arbitrary code at boot time and bypass the chain of trust. An attacker can manipulate loaded binaries to circumvent integrity checks during boot, enabling execution of non-Cisco-signed images. While the CVSS score is 6.1 (Medium), Cisco assigned it a High Security Impact Rating due to the critical nature of breaking the secure boot mechanism, a foundational security control.
Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available.
HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products.
A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation.
This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.
Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability.
Network interface denial of service in Cisco IOS XR on NCS 5500/5700 routers allows unauthenticated remote attackers to disable packet processing by sending crafted traffic that triggers EPNI Aligner interrupt corruption during heavy transit conditions. Successful exploitation causes the network processing unit and ASIC to stop functioning, rendering affected interfaces unable to forward traffic. No patch is currently available for this medium-severity vulnerability.
Unauthenticated attackers can inject malicious scripts into Cisco Unified CCX's web management interface due to insufficient input validation, enabling XSS attacks against administrators and users. Successful exploitation allows arbitrary JavaScript execution within the browser context or theft of sensitive session information. No patch is currently available.
Unauthenticated attackers can inject malicious scripts into the web management interfaces of multiple Cisco contact center products (Finesse, Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center) due to insufficient input validation. Successful exploitation allows arbitrary script execution in the victim's browser context, potentially enabling session hijacking or credential theft from administrators. No patch is currently available for this cross-site scripting vulnerability.
Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.
Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.
Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability.
Cisco Secure Firewall Threat Defense (FTD) devices can be forcibly rebooted by authenticated local attackers through improper input validation in CLI commands, resulting in denial of service. This vulnerability affects low-privileged accounts and requires no user interaction to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and Secure FTD devices results from improper validation of OSPF link-state update packets, allowing authenticated adjacent attackers with the OSPF secret key to trigger heap corruption and forced device reloads. An attacker can exploit this by crafting malicious OSPF packets to crash affected devices, causing service disruption. No patch is currently available for this vulnerability.
OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).
Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.
Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.
Memory exhaustion in Cisco ASA and FTD OSPF protocol implementation allows adjacent authenticated attackers to trigger denial of service by sending specially crafted packets that bypass input validation. An attacker with network access to the affected device can exploit improper packet parsing to consume available memory and crash the appliance. No patch is currently available for this vulnerability.
Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.
Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system with root-level privileges (CVSS 6.0).
Cisco Webex is vulnerable to reflected cross-site scripting (XSS) attacks due to insufficient input validation, allowing unauthenticated attackers to inject malicious scripts by tricking users into clicking crafted links. Successful exploitation could enable attackers to steal session tokens, redirect users, or perform actions on behalf of targeted victims. Although Cisco has released a fix, no patch is currently available for this MEDIUM severity vulnerability.
Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.
Unauthenticated remote attackers can trigger memory exhaustion on Cisco ASA and FTD devices by sending specially crafted packets to the SSL VPN service, exploiting insufficient input validation in the Remote Access SSL VPN, HTTP management, and MUS functionality. Successful exploitation causes a denial of service condition that requires manual device reboot. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN functionality allows authenticated attackers to exhaust device memory by sending specially crafted packets, forcing a device reload. The vulnerability stems from insufficient input validation on user-supplied data and requires valid VPN credentials to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN allows unauthenticated remote attackers to exhaust device memory through malformed packets, causing the VPN service to become unresponsive. The vulnerability stems from insufficient input validation on the SSL VPN server and currently has no available patch. While the management interface remains accessible, new VPN connections cannot be established during an attack.
Reflected XSS in Cisco Secure Firewall ASA and FTD SAML 2.0 authentication allows unauthenticated attackers to steal sensitive browser-based information by tricking users into clicking malicious links. The vulnerability stems from inadequate input validation of HTTP parameters in the SSO feature and requires user interaction to exploit. No patch is currently available.
Cisco Secure Firewall ASA and Secure FTD devices can be remotely rebooted by unauthenticated attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. The vulnerability has a high attack surface as it requires no authentication or user interaction and affects the device's core authentication mechanism. No patch is currently available.
Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).
Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability.
Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0.
Unauthenticated remote attackers can bypass firewall access controls on Cisco Secure Firewall ASA and FTD devices by exploiting improper error handling during cluster memory exhaustion when syncing security rules. This allows attackers to send traffic that should be blocked through affected devices to reach protected networks. No patch is currently available.
Cross-site scripting (XSS) in the VPN web services component of Cisco Secure Firewall ASA and FTD allows unauthenticated remote attackers to inject malicious scripts that execute in a user's browser when visiting a crafted link. An attacker can exploit this through improper input validation to execute arbitrary HTML or JavaScript in the context of the VPN web server. No patch is currently available for this medium-severity vulnerability.
Cisco Secure Firewall ASA and FTD devices with VPN web services enabled are vulnerable to cross-site request forgery (CSRF) attacks due to insufficient HTTP request validation. An attacker can trick users into visiting a malicious website that sends crafted requests to the affected appliance, potentially allowing injection of malicious content reflected back to the victim's browser. No patch is currently available for this vulnerability.
Snort 3 detection engine contains a vulnerability that allows attackers to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts (CVSS 5.8).
Unauthenticated remote attackers can crash the Snort 3 Detection Engine by sending crafted HTTP packets with malformed Multicast DNS fields, causing a denial of service that interrupts packet inspection across multiple Cisco products. The vulnerability stems from incomplete error checking in HTTP header parsing and requires no authentication or user interaction to trigger. No patch is currently available for this MEDIUM severity issue.
Cisco Snort 3 Detection Engine can be remotely restarted by an unauthenticated attacker through crafted HTTP packets exploiting improper JavaScript normalization in the JSTokenizer logic, causing a denial of service condition that interrupts packet inspection. The vulnerability requires the JSTokenizer feature to be enabled and can be triggered via an established network connection without authentication. No patch is currently available.
Snort 3 Detection Engine in multiple Cisco products can be remotely restarted by unauthenticated attackers through crafted packets sent over established connections, due to improper binder module initialization logic. This denial-of-service vulnerability interrupts packet inspection capabilities and can be triggered without authentication or user interaction. No patch is currently available for this medium-severity flaw.
CLI of Cisco Secure FTD Software contains a vulnerability that allows attackers to execute commands on the underlying operating system as root (CVSS 6.0).
Cisco Secure Firewall ASA in multi-context mode contains an access control bypass in SCP operations that allows authenticated local administrators of one context to read, modify, or create files in other contexts, including sensitive admin and system configuration files. The vulnerability stems from improper validation of cross-context file access when the CiscoSSH stack is enabled. No patch is currently available for this high-severity flaw.
Snort 3 Detection Engine crashes when processing malformed VBA data due to improper decompression error handling, allowing unauthenticated remote attackers to trigger denial-of-service conditions across multiple Cisco products. An attacker can exploit this vulnerability by sending crafted VBA payloads to cause unexpected engine restarts without requiring authentication or user interaction. No patch is currently available for this medium-severity flaw.
Denial of service in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to crash the detection engine by sending maliciously crafted VBA data. The vulnerability stems from insufficient error checking during VBA data processing, enabling attackers to trigger unexpected restarts of the Snort 3 Detection Engine. No patch is currently available for this medium-severity issue affecting multiple Cisco products.
Improper error checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger an infinite loop by sending specially crafted VBA data, causing a denial of service condition. The vulnerability affects multiple Cisco products and requires no user interaction or authentication to exploit. No patch is currently available.
Improper range checking in Cisco Snort 3's VBA decompression feature allows unauthenticated remote attackers to trigger a heap buffer overflow by sending crafted VBA data, causing denial of service. The vulnerability affects multiple Cisco products and requires no authentication or user interaction to exploit. No patch is currently available.
Denial of service in Cisco Secure Firewall Threat Defense via crafted SSL packets allows unauthenticated remote attackers to crash the Snort 3 Detection Engine through a memory management logic error during SSL inspection. An attacker can exploit this vulnerability by sending malicious SSL packets through an established connection, forcing the detection engine to unexpectedly restart and interrupt security monitoring. No patch is currently available for this medium-severity issue.
Device reloads in Cisco Secure Firewall Threat Defense can be triggered by unauthenticated remote attackers sending specially crafted TLS 1.2 traffic through the SSL decryption feature, exploiting improper memory management in the Do Not Decrypt exclusion logic. The vulnerability requires specific network conditions and TLS 1.2 traffic to trigger, resulting in denial of service with no authentication required. No patch is currently available for this medium-severity issue affecting Cisco and TLS implementations.
Denial of service in Cisco ASA and FTD devices processing GCM-encrypted IKEv2 IPsec traffic results from inadequate memory allocation, allowing authenticated remote attackers to trigger device reloads by sending specially crafted encrypted packets. An attacker with valid VPN credentials can exploit this vulnerability to render affected firewalls unavailable. No patch is currently available.
Cisco Secure Firewall Management Center lockdown bypass allows authenticated local administrators to execute arbitrary commands as root by sending crafted CLI input that exploits insufficient restrictions on remediation modules. An attacker with valid admin credentials can circumvent lockdown protections to achieve full system compromise. No patch is currently available.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available.
Unauthenticated remote attackers with admin credentials can exploit insufficient path validation in Cisco Secure Firewall Management Center and Threat Defense sftunnel functionality to write arbitrary files with root privileges on the underlying operating system. By crafting malicious directory paths during file synchronization, an attacker could create or overwrite critical system files. No patch is currently available for this vulnerability.
Insufficient input validation in Cisco Secure FTD Software's CLI allows authenticated local administrators to execute arbitrary commands with root privileges by submitting specially crafted arguments to specific commands. An attacker with valid administrative credentials can exploit this to gain complete control over the underlying operating system. No patch is currently available.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and Secure FTD devices by sending specially crafted IKEv2 packets that trigger a memory leak in the IKEv2 parser. Exploitation exhausts system resources and forces manual device reboot to restore availability. No patch is currently available.
Memory exhaustion in Cisco Secure Firewall ASA and FTD IKEv2 implementations allows authenticated remote attackers with valid VPN credentials to trigger device reloads by sending crafted packets, disrupting firewall availability and downstream network services. The vulnerability stems from improper IKEv2 packet processing that fails to constrain memory allocation. No patch is currently available.
Unauthenticated remote attackers can trigger denial-of-service conditions in Cisco Secure Firewall ASA and Secure FTD Software by sending specially crafted IKEv2 packets that cause memory exhaustion due to improper memory management. A successful attack forces manual device reloads and can degrade network services across connected systems. No patch is currently available for this vulnerability.
Unauthenticated SSH authentication bypass in Cisco Secure Firewall ASA allows remote attackers to log in as arbitrary users by exploiting insufficient input validation during the SSH key authentication phase, requiring only knowledge of a valid username and its associated public key. This vulnerability enables attackers to execute arbitrary commands on affected ASA devices with the privileges of the compromised user account. No patch is currently available.
Insufficient input sanitization in select CLI commands on Cisco Secure Firewall ASA and FTD Software allows authenticated local administrators to execute arbitrary code as root by injecting malicious Lua code. An attacker with valid administrator credentials can craft specially formatted parameters to achieve code execution with elevated privileges. No patch is currently available.
Snort rule bypass in Cisco Secure Firewall Threat Defense allows unauthenticated remote attackers to evade deep packet inspection through crafted traffic that exploits logic errors in inner and outer connection rule evaluation. An attacker can send specially crafted packets that trigger different Snort rules than intended, permitting malicious traffic through the firewall that should be blocked. No patch is currently available for this medium-severity vulnerability.
Cisco Secure Firewall Threat Defense (FTD) Software is vulnerable to denial of service through improper TLS protocol implementation in the Snort 3 Detection Engine, allowing unauthenticated remote attackers to trigger unexpected restarts by sending crafted TLS packets. Successful exploitation causes the affected device to drop network traffic, creating a DoS condition affecting TLS versions prior to 1.3. No patch is currently available.
SQL injection in Cisco Secure FMC REST API allows authenticated users with administrative roles to extract sensitive database contents and read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials but posing significant risk to organizations using affected systems. No patch is currently available.
Unauthenticated SQL injection in Cisco Secure FMC's web management interface allows authenticated attackers to manipulate database queries and extract sensitive data or read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials to exploit. No patch is currently available.
SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.
Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).
Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability.
Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to access another affected system and gain DCA user privileges (CVSS 7.5).
Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8).
Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user priv (CVSS 5.4).