Skip to main content

Cisco

5526 CVEs vendor

Monthly

CVE-2017-12225 MEDIUM This Month

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Lan Management Solution
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12224 MEDIUM This Month

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-12223 MEDIUM This Month

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Cisco Ir800 Integrated Services Router Firmware
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2017-12221 MEDIUM This Month

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-12220 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-12218 MEDIUM This Month

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-12217 MEDIUM This Month

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5500 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-12216 HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure Socialminer
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-12213 MEDIUM This Month

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco Ios Xe
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-12212 MEDIUM This Month

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-12211 MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-6790 MEDIUM This Month

A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.0
6.8
EPSS
1.8%
CVE-2017-6788 MEDIUM This Month

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6786 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-6785 MEDIUM This Month

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-6784 MEDIUM This Month

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Small Business Rv340 Firmware Small Business Rv345 Firmware Small Business Rv345P Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-6783 MEDIUM This Month

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Content Security Management Appliance Email Security Appliance Web Security Appliance
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-6782 MEDIUM This Month

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Code Injection Prime Infrastructure
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6781 MEDIUM This Month

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Policy Suite
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-6778 MEDIUM This Month

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Ultra Services Platform
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6777 MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-6776 MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic Elastic Services Controller
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6775 MEDIUM This Month

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Asr 5000 Software
NVD
CVSS 3.0
5.7
EPSS
0.1%
CVE-2017-6774 MEDIUM This Month

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Information Disclosure Asr 5000 Software
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2017-6773 MEDIUM This Month

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Software
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6772 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-6771 HIGH This Week

A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6768 HIGH This Week

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-6767 HIGH This Week

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
CVSS 3.0
7.1
EPSS
0.9%
CVE-2017-6710 HIGH This Week

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Virtual Network Function Element Manager
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2017-6770 MEDIUM This Month

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Code Injection Cisco Nx Os Nx Os For Nexus 5500 Platform Switches +5
NVD
CVSS 3.1
4.2
EPSS
0.6%
CVE-2017-6769 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Access Control System
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6766 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System Software
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6765 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6764 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-6763 HIGH This Week

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-6762 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Jabber Guest
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6761 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Finesse
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6759 MEDIUM This Month

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-6758 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-6757 HIGH This Week

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-6756 HIGH This Week

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6754 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Smart Net Total Care Collector Appliance
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-6752 HIGH This Week

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-6747 CRITICAL Act Now

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-6745 HIGH This Week

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Videoscape Distribution Suite For Television
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6665 MEDIUM This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-6664 HIGH This Week

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6663 MEDIUM KEV THREAT This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2012-5030 MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco iOS
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9521 CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco Dpc3939 Firmware Dpc3939B Firmware Dpc3941T Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2017-9492 HIGH This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware Dpc3939B Firmware Dpc3941T Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2017-9491 MEDIUM This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware Dpc3939B Firmware Dpc3941T Firmware +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2017-9489 HIGH POC This Week

The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco CSRF Dpc3939B Firmware Arris Tg1682G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-9488 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Authentication Bypass Dpc3939 Firmware Dpc3941T Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-9487 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware Dpc3941T Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-9486 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9485 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9484 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9483 CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Dpc3939 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-9482 CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-9481 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9480 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9479 CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2017-9478 HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-9477 MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9476 MEDIUM POC THREAT This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.1%.

Cisco Information Disclosure Dpc3939 Firmware Arris Tg1682G Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
16.1%
CVE-2017-6755 MEDIUM This Month

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6753 HIGH Act Now

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Buffer Overflow RCE Microsoft Google Cisco +22
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2017-6751 HIGH This Week

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-6750 HIGH This Week

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6749 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6748 MEDIUM This Month

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance Web Security Virtual Appliance
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2017-6746 HIGH This Week

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2017-6672 HIGH This Week

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Series Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6612 HIGH This Week

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Asr 5000 Series Software
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2015-0674 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Cloud Web Security
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-11589 CRITICAL Act Now

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Residential Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-11588 CRITICAL Act Now

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Residential Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
6.3%
CVE-2017-11587 HIGH This Week

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Residential Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6744 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-6743 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6740 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.0%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2017-6738 HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE Apple
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2017-6736 HIGH POC KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco Buffer Overflow RCE Apple
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.4
CVE-2017-2345 CRITICAL Act Now

On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-6735 MEDIUM This Month

A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Firesight System Software
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6734 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6733 MEDIUM This Month

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6732 MEDIUM This Month

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Network
NVD
CVSS 3.0
6.7
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Lan Management Solution
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

RCE Cisco Ir800 Integrated Services Router Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Cisco +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5500 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Cisco +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Small Business Rv340 Firmware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Content Security Management Appliance +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Code Injection +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Policy Suite
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Asr 5000 Software
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Software
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ultra Services Framework
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Virtual Network Function Element Manager
NVD
EPSS 1% CVSS 4.2
MEDIUM This Month

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Code Injection Cisco +7
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Access Control System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System Software
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Jabber Guest
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Finesse
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Collaboration Provisioning
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Smart Net Total Care Collector Appliance
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 2% CVSS 6.5
MEDIUM KEV THREAT This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Denial Of Service Apple
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Cisco +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco Dpc3939 Firmware +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco CSRF Dpc3939B Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Authentication Bypass Dpc3939 Firmware +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Command Injection Dpc3939 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Dpc3939 Firmware
NVD GitHub
EPSS 16% CVSS 6.5
MEDIUM POC THREAT This Month

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.1%.

Cisco Information Disclosure Dpc3939 Firmware +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
EPSS 14% CVSS 8.8
HIGH Act Now

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Buffer Overflow RCE Microsoft +24
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Web Security Appliance +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Web Security Appliance
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asr 5000 Series Software
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Asr 5000 Series Software
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Cloud Web Security
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Residential Gateway Firmware
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Residential Gateway Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Residential Gateway Firmware
NVD
EPSS 7% CVSS 8.8
HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Cisco Buffer Overflow RCE +1
NVD
EPSS 14% CVSS 8.8
HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE +1
NVD
EPSS 10% CVSS 8.8
HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 10.0%.

Cisco Buffer Overflow RCE +1
NVD
EPSS 14% CVSS 8.8
HIGH KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 14.1%.

Cisco Buffer Overflow RCE +1
NVD
EPSS 89% 7.4 CVSS 8.8
HIGH POC KEV THREAT Act Now

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco Buffer Overflow RCE +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Firesight System Software
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Network
NVD
Prev Page 39 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy