Cisco
Monthly
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 66.9%.
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in. Rated medium severity (CVSS 6.4). No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated,. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 66.9%.
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in. Rated medium severity (CVSS 6.4). No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated,. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.