Skip to main content

Cisco

5526 CVEs vendor

Monthly

CVE-2019-15241 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-15240 HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2019-12718 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Sf250 24 Firmware Sf250 24P Firmware Sf250 48 Firmware +105
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-12708 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-12705 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-12704 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-12703 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Spa122 Firmware
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2019-12702 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-12638 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-12637 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-12636 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF Sf250 24 Firmware Sf250 24P Firmware +106
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-17042 CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-1915 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager Unity Connection Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-15272 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-15259 MEDIUM This Month

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-15256 HIGH This Week

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Cisco Adaptive Security Appliance Software Firepower Threat Defense +11
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-12716 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12715 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12714 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ic3000 Industrial Compute Gateway Firmware
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-12713 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12712 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12711 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-12710 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2019-12707 MEDIUM This Month

A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service Unity Connection
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12706 HIGH This Week

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12701 MEDIUM This Month

A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center Vdb Fingerprint Database
NVD
CVSS 3.1
5.8
EPSS
1.5%
CVE-2019-12700 MEDIUM This Month

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower 9300 Firmware Firepower Extensible Operating System Firepower Threat Defense +1
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-12699 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower 9300 Firmware Firepower Threat Defense Firepower Extensible Operating System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-12698 HIGH This Week

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12697 HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12696 HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12695 MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12694 MEDIUM This Month

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-12693 MEDIUM This Month

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2019-12691 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.9
EPSS
3.9%
CVE-2019-12690 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2019-12689 HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-12688 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-12687 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-12686 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12685 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12684 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12683 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12682 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12681 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12680 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12679 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12678 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12677 MEDIUM This Month

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-12676 HIGH This Week

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-12675 HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Firepower 9300 Firmware Firepower 4115 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-12674 HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Firepower 9300 Firmware Firepower 4115 Firmware +6
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2019-12673 HIGH This Week

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12631 MEDIUM This Month

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12630 CRITICAL Act Now

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2019-12717 HIGH This Week

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12709 MEDIUM This Month

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xr
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-12672 MEDIUM This Month

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple RCE iOS
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2019-12671 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12670 MEDIUM This Month

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple iOS
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-12669 HIGH This Week

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple iOS
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12668 MEDIUM This Month

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-12667 MEDIUM This Month

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Apple Ios Xe
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-12666 MEDIUM This Month

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Apple RCE Ios Xe
NVD
CVSS 3.1
6.7
EPSS
1.1%
CVE-2019-12665 HIGH This Week

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Apple Information Disclosure iOS
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2019-12664 HIGH This Week

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-12663 HIGH This Week

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2019-12662 MEDIUM This Month

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple RCE Ios Xe +51
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-12661 MEDIUM This Month

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-12660 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-12659 HIGH This Week

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12658 HIGH This Week

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12657 HIGH This Week

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12656 HIGH This Week

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS Industrial Ethernet 2000 Series Firmware Ic3000 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12655 HIGH This Week

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple iOS
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12654 HIGH This Week

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12653 HIGH This Week

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12652 HIGH This Week

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple iOS
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-12651 HIGH This Week

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection iOS Cloud Services Router 1000V Firmware +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-12650 HIGH This Week

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection iOS Ios Xe
NVD
CVSS 3.1
8.8
EPSS
28.9%
CVE-2019-12649 MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple Information Disclosure Ios Xe +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-12648 HIGH This Week

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple iOS
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-12647 HIGH This Week

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12646 HIGH This Week

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1975 MEDIUM This Month

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-12620 MEDIUM This Month

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Hyperflex Hx220C M5 Firmware Hyperflex Hx240C M5 Firmware Hyperflex Hx220C Af M5 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-1976 CRITICAL Act Now

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Industrial Network Director Network Level Service
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-1939 HIGH This Week

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cisco Webex Teams
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2019-12645 HIGH This Week

A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Jabber
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-12644 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.1%
EPSS 1% CVSS 8.0
HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +2
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Sf250 24 Firmware +107
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Video Communication Server
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware +1
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Spa122 Firmware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Spa112 Firmware +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF +108
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Rsyslog +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Cisco +13
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ic3000 Industrial Compute Gateway Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower 9300 Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower 9300 Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +1
NVD
EPSS 4% CVSS 4.9
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Secure Firewall Management Center
NVD
EPSS 4% CVSS 7.2
HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco +3
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense +8
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 66% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Apple +2
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Apple +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Apple +2
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Apple Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +1
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple +53
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection +3
NVD
EPSS 29% CVSS 8.8
HIGH This Week

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Apple +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx220C M5 Firmware +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Hyperflex Hx220C M5 Firmware +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Industrial Network Director +1
NVD
EPSS 5% CVSS 8.8
HIGH This Week

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cisco +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Jabber
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
Prev Page 27 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy