Filtered by vendor Cisco
Subscribe
Total
5838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1000 | 1 Cisco | 1 Cache Engine | 2022-08-17 | 5.0 MEDIUM | N/A |
| The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics. | |||||
| CVE-1999-0162 | 1 Cisco | 1 Ios | 2022-08-17 | 5.0 MEDIUM | N/A |
| The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering. | |||||
| CVE-1999-0998 | 1 Cisco | 1 Cache Engine | 2022-08-17 | 5.0 MEDIUM | N/A |
| Cisco Cache Engine allows an attacker to replace content in the cache. | |||||
| CVE-1999-1001 | 1 Cisco | 1 Cache Engine | 2022-08-17 | 2.6 LOW | N/A |
| Cisco Cache Engine allows a remote attacker to gain access via a null username and password. | |||||
| CVE-1999-0843 | 1 Cisco | 1 Router | 2022-08-17 | 5.0 MEDIUM | N/A |
| Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2022-08-17 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-1999-0293 | 1 Cisco | 1 Ios | 2022-08-17 | 7.5 HIGH | N/A |
| AAA authentication on Cisco systems allows attackers to execute commands without authorization. | |||||
| CVE-1999-0775 | 1 Cisco | 1 Ios | 2022-08-17 | 10.0 HIGH | N/A |
| Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list. | |||||
| CVE-1999-0063 | 1 Cisco | 1 Ios | 2022-08-17 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. | |||||
| CVE-1999-0159 | 1 Cisco | 1 Ios | 2022-08-17 | 5.0 MEDIUM | N/A |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | |||||
| CVE-1999-0222 | 1 Cisco | 1 Router | 2022-08-16 | 5.0 MEDIUM | N/A |
| Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. | |||||
| CVE-2022-20866 | 1 Cisco | 34 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 31 more | 2022-08-15 | N/A | 7.5 HIGH |
| A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. | |||||
| CVE-2022-20841 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-08-15 | N/A | 9.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20713 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN component. An attacker could exploit this vulnerability by convincing a targeted user to visit a website that can pass malicious requests to an ASA device that has the Clientless SSL VPN feature enabled. A successful exploit could allow the attacker to conduct browser-based attacks, including cross-site scripting attacks, against the targeted user. | |||||
| CVE-2022-20914 | 1 Cisco | 1 Identity Services Engine | 2022-08-12 | N/A | 4.9 MEDIUM |
| A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials. | |||||
| CVE-2022-20852 | 1 Cisco | 1 Webex Meetings | 2022-08-12 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20869 | 1 Cisco | 1 Broadworks | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2022-20842 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-08-12 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20827 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2022-08-12 | N/A | 10.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20820 | 1 Cisco | 1 Webex Meetings | 2022-08-12 | N/A | 5.4 MEDIUM |
| Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||