Skip to main content

Cisco

5526 CVEs vendor

Monthly

CVE-2024-20473 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20472 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20471 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20431 MEDIUM This Month

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-20426 HIGH This Week

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Microsoft Adaptive Security Appliance Software +1
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20424 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-20415 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20412 HIGH This Week

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-20410 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20409 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20408 HIGH This Week

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-20407 MEDIUM This Month

A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-20403 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20402 HIGH This Week

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20388 MEDIUM This Month

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Management Center Secure Firewall Management Center Firepower Threat Defense
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-20387 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20386 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20384 MEDIUM This Month

A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-20382 MEDIUM This Month

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20379 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-20377 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20374 HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-20372 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20370 MEDIUM This Month

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-20364 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20351 HIGH This Week

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20342 HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort Firepower Threat Defense Software
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20341 MEDIUM This Month

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software Firepower Threat Defense Software
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20340 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20339 HIGH This Week

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20331 MEDIUM This Month

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software Firepower Threat Defense Software
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-20330 HIGH This Week

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20329 CRITICAL Act Now

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-20300 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20299 MEDIUM This Month

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-20298 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20297 MEDIUM This Month

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-20275 MEDIUM This Month

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20274 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Secure Firewall Management Center
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20273 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20269 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20268 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-20264 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20260 HIGH This Week

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20512 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Management Portal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20463 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-20462 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20461 MEDIUM This Month

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-20460 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20459 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-20458 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-20421 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-20420 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20280 MEDIUM This Month

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Central Software
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-20513 MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20509 MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Meraki Mx65 Firmware Meraki Mx64 Firmware +23
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-20502 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20501 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption Meraki Mx65 Firmware Meraki Mx64 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20500 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Z4C Firmware Meraki Z4 Firmware Meraki Z3C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-20499 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption Meraki Z4C Firmware Meraki Z4 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20498 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20524 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20523 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20522 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-20521 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-20520 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20519 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20518 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20517 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-20516 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Rv042 Firmware +3
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-20515 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20492 MEDIUM This Month

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Video Communication Server
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2024-20491 HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller Nexus Dashboard Insights Nexus Dashboard Orchestrator
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-20490 HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller Nexus Dashboard Insights Nexus Dashboard Orchestrator
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-20477 MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20470 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20449 HIGH This Week

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Path Traversal Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-20448 HIGH This Week

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-20444 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Denial Of Service Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-20442 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20441 MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20438 MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20432 HIGH This Week

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-20393 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-20385 MEDIUM This Month

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Orchestrator
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-20365 HIGH This Week

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-20510 CRITICAL Act Now

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xe
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-20508 MEDIUM This Month

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20496 MEDIUM This Month

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Memory Corruption
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20480 HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service +3
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Management Center +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Management Center +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Firepower Management Center +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Software
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Secure Firewall Management Center
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 1% CVSS 7.7
HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Management Portal
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ata 191 Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ata 191 Firmware +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Ata 191 Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 1% CVSS 8.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Ata 191 Firmware +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Ata 191 Firmware +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Central Software
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Meraki Mx65 Firmware +24
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service +25
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Mx65 Firmware +24
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption +25
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Z4C Firmware +24
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption +25
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meraki Mx65 Firmware +24
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +5
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Video Communication Server
NVD
EPSS 0% CVSS 8.6
HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Path Traversal +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Denial Of Service +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nexus Dashboard Fabric Controller
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Orchestrator
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
Prev Page 6 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy