Filtered by vendor Cisco
Subscribe
Total
6480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15974 | 1 Cisco | 1 Managed Services Accelerator | 2021-10-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2019-15963 | 1 Cisco | 1 Unified Communications Manager | 2021-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. | |||||
| CVE-2019-15957 | 1 Cisco | 11 Rv016 Multi-wan Vpn, Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn and 8 more | 2021-10-29 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user. | |||||
| CVE-2019-1586 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2021-10-29 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | |||||
| CVE-2019-12621 | 1 Cisco | 10 Hyperflex Hx220c Af M5, Hyperflex Hx220c Af M5 Firmware, Hyperflex Hx220c Edge M5 and 7 more | 2021-10-28 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. | |||||
| CVE-2019-1667 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2021-10-28 | 2.1 LOW | 3.3 LOW |
| A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. | |||||
| CVE-2020-3199 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2021-10-26 | 8.3 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3258 | 1 Cisco | 16 1120, 1240, Ios and 13 more | 2021-10-26 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3329 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2021-10-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. | |||||
| CVE-2020-3208 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15. | |||||
| CVE-2021-34760 | 1 Cisco | 1 Telepresence Management Suite | 2021-10-26 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-3232 | 1 Cisco | 2 Asr 920-12sz-im, Ios Xe | 2021-10-19 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-3215 | 1 Cisco | 1 Ios Xe | 2021-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device. | |||||
| CVE-2020-3213 | 1 Cisco | 1 Ios Xe | 2021-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. | |||||
| CVE-2020-3205 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2021-10-19 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory. | |||||
| CVE-2020-3203 | 1 Cisco | 7 Catalyst 9800-40, Catalyst 9800-80, Catalyst 9800-cl and 4 more | 2021-10-19 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition. | |||||
| CVE-2020-3321 | 1 Cisco | 2 Webex Network Recording Player, Webex Player | 2021-10-19 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | |||||
| CVE-2020-3198 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2021-10-19 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3322 | 1 Cisco | 2 Webex Network Recording Player, Webex Player | 2021-10-19 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. | |||||
| CVE-2020-3310 | 1 Cisco | 1 Firepower Device Manager On-box | 2021-10-19 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. | |||||