Filtered by vendor Cisco
Subscribe
Total
5838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3156 | 1 Cisco | 1 Identity Services Engine | 2020-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | |||||
| CVE-2020-3160 | 1 Cisco | 1 Meeting Server | 2020-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. | |||||
| CVE-2020-3163 | 1 Cisco | 1 Unified Contact Center Enterprise | 2020-02-24 | 7.1 HIGH | 5.9 MEDIUM |
| A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection. | |||||
| CVE-2020-3159 | 1 Cisco | 1 Finesse | 2020-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2015-0749 | 1 Cisco | 1 Unified Communications Manager | 2020-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2013-3568 | 1 Cisco | 2 Linksys Wrt110, Linksys Wrt110 Firmware | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2020-3119 | 1 Cisco | 83 Nexus 3016, Nexus 3048, Nexus 3064 and 80 more | 2020-02-12 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2013-1202 | 1 Cisco | 1 Ace Application Control Engine Module A2 | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco ACE A2(3.6) allows log retention DoS. | |||||
| CVE-2020-3120 | 1 Cisco | 143 Asr 9000v, Asr 9001, Asr 9006 and 140 more | 2020-02-11 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-3149 | 1 Cisco | 1 Identity Services Engine | 2020-02-07 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability. | |||||
| CVE-2020-3111 | 1 Cisco | 54 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 7832 With Multiplatform Firmware and 51 more | 2020-02-07 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-3110 | 1 Cisco | 16 Video Surveillance 8000p Ip Camera, Video Surveillance 8000p Ip Camera Firmware, Video Surveillance 8020 Ip Camera and 13 more | 2020-02-07 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. | |||||
| CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 9.8 CRITICAL |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2013-2683 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. | |||||
| CVE-2013-2684 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. | |||||
| CVE-2019-16018 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2020-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | |||||
| CVE-2020-3147 | 1 Cisco | 114 Sf300-08, Sf300-08 Firmware, Sf300-24 and 111 more | 2020-01-31 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 | |||||