Lucene search

K

Cisco Security Vulnerabilities

cve
cve

CVE-2022-20677

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

6.7CVSS

6.4AI Score

0.0004EPSS

2022-04-15 03:15 PM
76
cve
cve

CVE-2020-3475

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS)....

8.1CVSS

8AI Score

0.002EPSS

2020-09-24 06:15 PM
32
3
cve
cve

CVE-2020-3474

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS)....

8.1CVSS

8AI Score

0.002EPSS

2020-09-24 06:15 PM
26
cve
cve

CVE-2021-1367

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

4.3CVSS

4.6AI Score

0.001EPSS

2021-02-24 08:15 PM
34
4
cve
cve

CVE-2022-20829

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains...

9.1CVSS

7.8AI Score

0.007EPSS

2022-06-24 04:15 PM
115
4
cve
cve

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could.....

8.6CVSS

7.5AI Score

0.001EPSS

2022-04-15 03:15 PM
73
cve
cve

CVE-2021-1230

A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This...

8.6CVSS

7.5AI Score

0.002EPSS

2021-02-24 08:15 PM
41
4
cve
cve

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

7.9CVSS

6.8AI Score

0.0004EPSS

2022-09-30 07:15 PM
34
4
cve
cve

CVE-2021-34696

A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a....

5.8CVSS

5.7AI Score

0.001EPSS

2021-09-23 03:15 AM
24
cve
cve

CVE-2020-3480

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...

8.6CVSS

8.5AI Score

0.002EPSS

2020-09-24 06:15 PM
47
cve
cve

CVE-2021-34757

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of...

5.5CVSS

5.5AI Score

0.0004EPSS

2021-10-06 08:15 PM
21
cve
cve

CVE-2021-34744

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of...

4.9CVSS

5.2AI Score

0.001EPSS

2021-10-06 08:15 PM
23
cve
cve

CVE-2021-1229

A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an...

5.8CVSS

5.3AI Score

0.002EPSS

2021-02-24 08:15 PM
119
3
cve
cve

CVE-2021-34736

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...

7.5CVSS

7.4AI Score

0.001EPSS

2021-10-21 03:15 AM
30
cve
cve

CVE-2022-20944

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that....

6.8CVSS

6.7AI Score

0.001EPSS

2022-10-10 09:15 PM
47
2
cve
cve

CVE-2020-3530

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

8.4CVSS

8.2AI Score

0.0004EPSS

2020-09-04 03:15 AM
28
cve
cve

CVE-2021-1309

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would....

8.8CVSS

8.8AI Score

0.001EPSS

2021-04-08 04:15 AM
44
3
cve
cve

CVE-2021-1308

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would....

7.4CVSS

7.7AI Score

0.001EPSS

2021-04-08 04:15 AM
49
3
cve
cve

CVE-2023-20003

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An...

8.8CVSS

8.5AI Score

0.001EPSS

2023-05-18 03:15 AM
34
cve
cve

CVE-2021-34790

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized.....

5.3CVSS

5.6AI Score

0.001EPSS

2021-10-27 07:15 PM
32
cve
cve

CVE-2021-34793

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability....

8.6CVSS

8.3AI Score

0.001EPSS

2021-10-27 07:15 PM
51
cve
cve

CVE-2021-1624

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This...

8.6CVSS

8.3AI Score

0.002EPSS

2021-09-23 03:15 AM
45
cve
cve

CVE-2022-20703

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned...

10CVSS

8.7AI Score

0.01EPSS

2022-02-10 06:15 PM
960
In Wild
cve
cve

CVE-2023-20076

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an...

8.8CVSS

8.8AI Score

0.002EPSS

2023-02-12 04:15 AM
347
cve
cve

CVE-2021-34794

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is.....

5.3CVSS

5.2AI Score

0.001EPSS

2021-10-27 07:15 PM
27
cve
cve

CVE-2021-34783

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition....

8.6CVSS

7.5AI Score

0.001EPSS

2021-10-27 07:15 PM
35
cve
cve

CVE-2022-20817

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could...

7.4CVSS

7.2AI Score

0.002EPSS

2022-06-15 06:15 PM
32
2
cve
cve

CVE-2021-34708

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code....

6.7CVSS

6.8AI Score

0.0004EPSS

2021-09-09 05:15 AM
38
cve
cve

CVE-2020-3423

A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...

6.7CVSS

6.9AI Score

0.0004EPSS

2020-09-24 06:15 PM
32
2
cve
cve

CVE-2022-20624

A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An...

8.6CVSS

7.5AI Score

0.001EPSS

2022-02-23 06:15 PM
136
cve
cve

CVE-2020-3465

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames...

7.4CVSS

6.4AI Score

0.001EPSS

2020-09-24 06:15 PM
30
3
cve
cve

CVE-2021-1472

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

9.8CVSS

9.9AI Score

0.972EPSS

2021-04-08 04:15 AM
124
13
cve
cve

CVE-2021-34721

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section....

6.7CVSS

7AI Score

0.0004EPSS

2021-09-09 05:15 AM
35
cve
cve

CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section....

6.7CVSS

7AI Score

0.0004EPSS

2021-09-09 05:15 AM
29
cve
cve

CVE-2022-20725

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

5.5CVSS

6AI Score

0.001EPSS

2022-04-15 03:15 PM
70
4
cve
cve

CVE-2023-20081

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on.....

6.8CVSS

5.9AI Score

0.002EPSS

2023-03-23 05:15 PM
74
cve
cve

CVE-2021-34740

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error...

7.4CVSS

7.4AI Score

0.001EPSS

2021-09-23 03:15 AM
26
cve
cve

CVE-2020-3396

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability...

7.2CVSS

6.8AI Score

0.0004EPSS

2020-09-24 06:15 PM
25
cve
cve

CVE-2021-1371

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs...

6.6CVSS

6.5AI Score

0.0004EPSS

2021-03-24 09:15 PM
42
2
cve
cve

CVE-2023-20015

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-02-23 08:15 PM
45
cve
cve

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-02-23 08:15 PM
24
cve
cve

CVE-2021-1583

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper...

4.4CVSS

4.7AI Score

0.0004EPSS

2021-08-25 08:15 PM
28
cve
cve

CVE-2021-1546

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an.....

5.5CVSS

5.5AI Score

0.0004EPSS

2021-09-23 03:15 AM
25
cve
cve

CVE-2021-1521

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol...

6.5CVSS

6.4AI Score

0.001EPSS

2021-05-06 01:15 PM
21
2
cve
cve

CVE-2022-20704

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned...

10CVSS

7.7AI Score

0.001EPSS

2022-02-10 06:15 PM
87
cve
cve

CVE-2021-1509

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this...

7.5CVSS

7.9AI Score

0.001EPSS

2021-05-06 01:15 PM
31
2
cve
cve

CVE-2021-40125

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device....

6.5CVSS

6.4AI Score

0.001EPSS

2021-10-27 07:15 PM
27
cve
cve

CVE-2021-34792

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper...

8.6CVSS

7.5AI Score

0.001EPSS

2021-10-27 07:15 PM
45
cve
cve

CVE-2020-3505

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect...

6.5CVSS

6.5AI Score

0.001EPSS

2020-08-26 05:15 PM
30
cve
cve

CVE-2020-3506

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when...

8.8CVSS

8.7AI Score

0.001EPSS

2020-08-26 05:15 PM
30
Total number of security vulnerabilities6154