Skip to main content

Cisco

5526 CVEs vendor

Monthly

CVE-2020-3145 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Firmware Rv130 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3144 CRITICAL Act Now

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-3140 CRITICAL Act Now

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime License Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-3282 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service Unity Connection
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3402 HIGH This Week

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Authentication Bypass Unified Customer Voice Portal
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3391 MEDIUM This Month

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Digital Network Architecture Center
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-3340 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3297 CRITICAL Act Now

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sg250X 24 Firmware Sg250X 24P Firmware Sg250X 48 Firmware +115
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-3368 MEDIUM This Month

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.1
5.8
EPSS
1.4%
CVE-2020-3364 MEDIUM This Month

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3362 MEDIUM This Month

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. Rated medium severity (CVSS 4.7). No vendor patch available.

Cisco Information Disclosure Network Services Orchestrator
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2020-3361 CRITICAL Act Now

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-3360 MEDIUM This Month

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Ip Phone 6901 Firmware Unified Ip Phone 6961 Firmware Unified Ip Phone 6945 Firmware +34
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-3356 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3355 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3354 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3350 MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure Advanced Malware Protection For Endpoints Clam Antivirus +3
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-3347 MEDIUM This Month

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Webex Meetings
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3342 HIGH This Week

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Webex Meetings
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2020-3337 MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Umbrella
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3336 HIGH This Week

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Command Injection Roomos Telepresence Collaboration Endpoint
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-3296 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3295 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3294 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3293 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3292 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3291 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3290 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3289 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3288 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3287 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3286 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv016 Firmware Rv042 Firmware +4
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-3279 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3278 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3277 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3276 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3275 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3274 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-3269 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-3268 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-3263 HIGH This Week

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco RCE Webex Meetings
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-3245 MEDIUM This Month

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Smart Software Manager On Prem
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-3244 MEDIUM This Month

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Staros
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3242 MEDIUM This Month

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Director
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-3241 MEDIUM This Month

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-3236 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-3353 MEDIUM This Month

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-3339 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-3335 MEDIUM PATCH This Month

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller Application Services Engine
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3333 MEDIUM PATCH This Month

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller Application Services Engine
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3281 HIGH PATCH This Week

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Digital Network Architecture Center
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3267 HIGH This Week

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass Unified Contact Center Express
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-3258 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Apple iOS
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-3257 HIGH PATCH This Week

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000). Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service Apple iOS
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2020-3238 HIGH This Week

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-3237 MEDIUM This Month

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-3235 HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe +1
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2020-3234 HIGH PATCH This Week

A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Cisco Authentication Bypass Apple iOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-3233 MEDIUM This Month

A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Iox
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3232 HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2020-3231 MEDIUM PATCH This Month

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass iOS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3230 HIGH This Week

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft Apple iOS +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3229 HIGH PATCH This Week

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-3228 HIGH PATCH This Week

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Microsoft Apple iOS +2
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2020-3227 CRITICAL Act Now

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-3226 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3225 HIGH PATCH This Week

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
2.1%
CVE-2020-3224 HIGH PATCH This Week

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Denial Of Service Command Injection Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3223 MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-3222 MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Apple Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-3221 HIGH PATCH This Week

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3220 MEDIUM PATCH This Month

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-3219 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-3218 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco RCE Apple Ios Xe
NVD
CVSS 3.1
7.2
EPSS
4.9%
CVE-2020-3217 HIGH PATCH This Week

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service Apple iOS +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-3216 MEDIUM This Month

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple Ios Xe Sd Wan
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-3215 MEDIUM This Month

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3214 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3213 MEDIUM PATCH This Month

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3212 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-3211 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2020-3210 MEDIUM PATCH This Month

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple iOS
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3209 MEDIUM PATCH This Month

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Jwt Attack Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-3208 MEDIUM PATCH This Month

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple iOS
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3207 MEDIUM This Month

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2020-3206 MEDIUM PATCH This Month

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2020-3205 HIGH PATCH This Week

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple iOS
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-3204 MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Cisco RCE Apple iOS +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3203 HIGH PATCH This Week

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2020-3201 MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
6.0
EPSS
0.3%
EPSS 2% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +4
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv110W Firmware +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime License Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Authentication Bypass +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Digital Network Architecture Center
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sg250X 24 Firmware +117
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. Rated medium severity (CVSS 4.7). No vendor patch available.

Cisco Information Disclosure Network Services Orchestrator
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Ip Phone 6901 Firmware +36
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Webex Meetings
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Umbrella
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Command Injection +2
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +6
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware +5
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv110W Firmware +3
NVD
EPSS 3% CVSS 7.2
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Rv110W Firmware +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco RCE Webex Meetings
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Smart Software Manager On Prem
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Staros
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Director
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Enterprise Network Function Virtualization Infrastructure
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Infrastructure
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Cisco Authentication Bypass Application Policy Infrastructure Controller +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Digital Network Architecture Center
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000). Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Iox
NVD
EPSS 2% CVSS 7.7
HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Apple +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Cisco Authentication Bypass Apple +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Iox
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Cisco Denial Of Service Ios Xe
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass iOS
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Microsoft +3
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Privilege Escalation Apple +1
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Microsoft +4
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple +1
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple +2
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Denial Of Service Command Injection +2
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cisco Apple +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Apple +1
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cisco Denial Of Service Apple +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cisco Apple +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple +1
NVD
EPSS 5% CVSS 7.2
HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco RCE Apple +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Cisco RCE Denial Of Service +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple +1
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple +1
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Cisco Command Injection Apple +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Jwt Attack +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Cisco Privilege Escalation Apple +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Apple +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cisco Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Cisco RCE +3
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Cisco Denial Of Service Apple +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Cisco Denial Of Service Apple +2
NVD
Prev Page 24 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy