Filtered by vendor Cisco
Subscriptions
Total
6638 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6750 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2025-04-20 | N/A |
| A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. | ||||
| CVE-2017-6755 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | N/A |
| A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | ||||
| CVE-2017-3872 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). | ||||
| CVE-2017-6674 | 1 Cisco | 1 Firesight System | 2025-04-20 | N/A |
| A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. | ||||
| CVE-2017-6784 | 1 Cisco | 6 Small Business Rv340, Small Business Rv340 Firmware, Small Business Rv345 and 3 more | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. | ||||
| CVE-2017-6788 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-20 | N/A |
| The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). | ||||
| CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | ||||
| CVE-2017-6795 | 1 Cisco | 10 Asr-920-10sz-pd, Asr-920-12cz-a, Asr-920-12sz-im and 7 more | 2025-04-20 | N/A |
| A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. | ||||
| CVE-2017-3853 | 1 Cisco | 1 Iox | 2025-04-20 | N/A |
| A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330. | ||||
| CVE-2017-9477 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot. | ||||
| CVE-2017-6672 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-20 | N/A |
| A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. | ||||
| CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | N/A |
| A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | ||||
| CVE-2017-6673 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | N/A |
| A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. | ||||
| CVE-2017-6680 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | N/A |
| A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. | ||||
| CVE-2017-6706 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | N/A |
| A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. | ||||
| CVE-2017-6661 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | ||||
| CVE-2017-6659 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-20 | N/A |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. | ||||
| CVE-2017-6685 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2025-04-20 | N/A |
| A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. | ||||
| CVE-2017-6668 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | N/A |
| Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. | ||||
| CVE-2017-6653 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | N/A |
| A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. | ||||