Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2738

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-17 Sep, 2011 | 10:00
Updated At-06 Aug, 2024 | 23:08
Rejected At-
Credits

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:17 Sep, 2011 | 10:00
Updated At:06 Aug, 2024 | 23:08
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/46052
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1026048
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/46053
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/45979
third-party-advisory
x_refsource_SECUNIA
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
vendor-advisory
x_refsource_CISCO
http://www.osvdb.org/75442
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
vdb-entry
x_refsource_XF
http://secunia.com/advisories/46016
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/49627
vdb-entry
x_refsource_BID
http://www.securityfocus.com/bid/49644
vdb-entry
x_refsource_BID
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
vendor-advisory
x_refsource_CISCO
http://www.securitytracker.com/id?1026059
vdb-entry
x_refsource_SECTRACK
http://www.securitytracker.com/id?1026047
vdb-entry
x_refsource_SECTRACK
http://www.securitytracker.com/id?1026046
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/519646/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/46052
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1026048
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/46053
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/45979
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.osvdb.org/75442
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/46016
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/49627
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/bid/49644
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securitytracker.com/id?1026059
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id?1026047
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id?1026046
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/archive/1/519646/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/46052
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1026048
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/46053
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/45979
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.osvdb.org/75442
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/46016
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/49627
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/bid/49644
vdb-entry
x_refsource_BID
x_transferred
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.securitytracker.com/id?1026059
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securitytracker.com/id?1026047
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securitytracker.com/id?1026046
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/archive/1/519646/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/46052
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026048
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/46053
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/45979
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.osvdb.org/75442
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/46016
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/49627
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/bid/49644
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026059
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026047
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026046
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/519646/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:19 Sep, 2011 | 12:02
Updated At:11 Apr, 2025 | 00:51

Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>Versions up to 8.5(inclusive)
cpe:2.3:a:cisco:unified_service_monitor:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>1.1
cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>2.0
cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>2.0.1
cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>2.1
cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>2.2
cpe:2.3:a:cisco:unified_service_monitor:2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>2.3
cpe:2.3:a:cisco:unified_service_monitor:2.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_service_monitor>>8.0
cpe:2.3:a:cisco:unified_service_monitor:8.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>3.0
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>3.0
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>3.1
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>3.2
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>4.0
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ciscoworks_lan_management_solution>>4.0.1
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>Versions up to 8.5(inclusive)
cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>1.0
cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>1.1
cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.0
cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.0.1
cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.0.2
cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.0.3
cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.1
cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.2
cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>2.3
cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_operations_manager>>8.0
cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*
ELAN Microelectronics Corporation
emc
>>ionix_acm>>Versions up to 2.3(inclusive)
cpe:2.3:a:emc:ionix_acm:*:*:*:*:*:*:*:*
ELAN Microelectronics Corporation
emc
>>ionix_asam>>Versions up to 3.2.0.2(inclusive)
cpe:2.3:a:emc:ionix_asam:*:*:*:*:*:*:*:*
ELAN Microelectronics Corporation
emc
>>ionix_ip>>Versions up to 8.1.1.1(inclusive)
cpe:2.3:a:emc:ionix_ip:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/45979security_alert@emc.com
Vendor Advisory
http://secunia.com/advisories/46016security_alert@emc.com
Vendor Advisory
http://secunia.com/advisories/46052security_alert@emc.com
Vendor Advisory
http://secunia.com/advisories/46053security_alert@emc.com
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtmlsecurity_alert@emc.com
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtmlsecurity_alert@emc.com
Vendor Advisory
http://www.osvdb.org/75442security_alert@emc.com
N/A
http://www.securityfocus.com/archive/1/519646/100/0/threadedsecurity_alert@emc.com
N/A
http://www.securityfocus.com/bid/49627security_alert@emc.com
N/A
http://www.securityfocus.com/bid/49644security_alert@emc.com
N/A
http://www.securitytracker.com/id?1026046security_alert@emc.com
N/A
http://www.securitytracker.com/id?1026047security_alert@emc.com
N/A
http://www.securitytracker.com/id?1026048security_alert@emc.com
N/A
http://www.securitytracker.com/id?1026059security_alert@emc.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828security_alert@emc.com
N/A
http://secunia.com/advisories/45979af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/46016af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/46052af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/46053af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/75442af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/519646/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/49627af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/49644af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026046af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026047af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026048af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026059af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/45979
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46016
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46052
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46053
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
Source: security_alert@emc.com
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/75442
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/519646/100/0/threaded
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49627
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49644
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026046
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026047
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026048
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026059
Source: security_alert@emc.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Source: security_alert@emc.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/45979
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46016
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46052
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/46053
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/75442
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/519646/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49627
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49644
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026047
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026059
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

251Records found
CVE-2010-2977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.40% / 60.04%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 19:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_wireless_network_solution_softwaren/a
CVE-2011-3290
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.50% / 80.34%
||
7 Day CHG~0.00%
Published-21 Sep, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwareidentity_services_enginen/a
CVE-2010-3038
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.73% / 81.70%
||
7 Day CHG~0.00%
Published-22 Nov, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCisco Systems, Inc.
Product-linux_kernelunified_videoconferencing_system_5115_firmwareunified_videoconferencing_system_5110unified_videoconferencing_system_5110_firmwareunified_videoconferencing_system_5115n/a
CVE-2010-2984
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.50% / 64.96%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 19:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-4404_wireless_lan_controllerunified_wireless_network_solution_softwaren/a
CVE-2010-3036
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-28.40% / 96.34%
||
7 Day CHG~0.00%
Published-29 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_readiness_assessment_managerciscoworks_lan_management_solutionciscoworks_common_servicessecurity_managerqos_policy_managerunified_operations_managerunified_service_monitorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1453
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-26.08% / 96.08%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1741
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-10||HIGH
EPSS-24.61% / 95.91%
||
7 Day CHG~0.00%
Published-19 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_eroomn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1574
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-3.10% / 86.27%
||
7 Day CHG~0.00%
Published-08 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-industrial_ethernet_3000iosn/a
CVE-2011-0647
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-10||HIGH
EPSS-72.63% / 98.72%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-replication_managernetworker_modulen/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0775
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.10% / 77.19%
||
7 Day CHG~0.00%
Published-18 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2011-0382
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-5.30% / 89.64%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_recording_server_softwaretelepresence_recording_servern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2011-0372
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-4.01% / 87.98%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_system_1100telepresence_system_softwaretelepresence_system_1300_seriestelepresence_system_3000telepresence_system_1000telepresence_system_3200_seriestelepresence_system_500_seriesn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-0595
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-2.44% / 84.55%
||
7 Day CHG-1.71%
Published-27 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-network_building_mediator_nbm-2400network_building_mediator_nbm-4800mediator_frameworkrichards-zeta_mediator_2500n/a
CVE-2011-0935
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.59% / 80.88%
||
7 Day CHG~0.00%
Published-14 Apr, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2011-0354
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-8.73% / 92.12%
||
7 Day CHG~0.00%
Published-03 Feb, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-tandberg_personal_video_unit_softwaretandberg_personal_video_unittandberg_endpointn/a
CVE-2011-0376
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.20% / 78.06%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_system_1100telepresence_system_softwaretelepresence_system_1300_seriestelepresence_system_3000telepresence_system_1000telepresence_system_3200_seriestelepresence_system_500_seriesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0145
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.36% / 79.33%
||
7 Day CHG~0.00%
Published-11 Feb, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_postxironport_encryption_appliancen/a
CVE-2011-0383
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-3.66% / 87.42%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_recording_server_softwaretelepresence_recording_servertelepresence_multipoint_switchtelepresence_multipoint_switch_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0381
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-2.49% / 84.71%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_managern/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-0140
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.64% / 69.69%
||
7 Day CHG~0.00%
Published-28 Jan, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CVE-2009-4912
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.66% / 70.29%
||
7 Day CHG~0.00%
Published-29 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asa_5580n/a
CVE-2010-0138
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-10.86% / 93.10%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Microsoft Corporation
Product-windowsciscoworks_internetwork_performance_monitorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1473
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.28%
||
7 Day CHG~0.00%
Published-02 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-small_business_220_series_smart_plus_switchesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1289
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.31% / 90.58%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1329
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

Action-Not Available
Vendor-zzincn/aSamsungCisco Systems, Inc.Zyxel Networks CorporationSun Microsystems (Oracle Corporation)
Product-gs1900-10hp_firmwarenexus_3064xkeymouse_firmwarenexus_3548x14j_firmwareopensolarisnexus_3064nexus_3048nexus_3524nexus_3064tn/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-1395
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 78.12%
||
7 Day CHG-0.36%
Published-19 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv130w_wireless-n_multifunction_vpn_router_firmwarerv215w_wireless-n_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110w_wireless-n_vpn_firewall_firmwarerv130w_wireless-n_multifunction_vpn_routerrv110w_wireless-n_vpn_firewalln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1363
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.61% / 93.38%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwaren/a
CVE-2016-1287
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-89.78% / 99.54%
||
7 Day CHG~0.00%
Published-11 Feb, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1416
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.30% / 89.64%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaboration_provisioningn/a
CVE-2016-1313
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 80.23%
||
7 Day CHG~0.00%
Published-06 Apr, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ucs_invicta_c3124sa_appliancen/a
CVE-2016-1327
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.57% / 87.28%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc2203_cable_modem_firmwaredpc2203epc2203epc2203_cable_modem_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.26% / 83.95%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 19:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_wireless_network_solution_softwaren/a
CVE-2010-2978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.27% / 50.16%
||
7 Day CHG~0.00%
Published-09 Aug, 2010 | 19:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_wireless_network_solution_softwaren/a
CVE-2016-0916
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-5.33% / 89.66%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-networkern/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0570
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-2.93% / 85.87%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-digital_media_managern/a
CVE-2009-2754
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-30.96% / 96.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

Action-Not Available
Vendor-n/aIBM CorporationELAN Microelectronics Corporation
Product-legato_networkerinformix_dynamic_servern/a
CVE-2010-0580
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-3.86% / 87.74%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 20:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2010-0600
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.80% / 82.01%
||
7 Day CHG-1.28%
Published-27 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-network_building_mediator_nbm-2400network_building_mediator_nbm-4800mediator_frameworkrichards-zeta_mediator_2500n/a
CVE-2009-0620
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 16:00
Updated-16 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalystapplication_control_engine_modulen/a
CWE ID-CWE-255
Not Available
CVE-2009-0621
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 16:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ace_4710n/a
CWE ID-CWE-16
Not Available
CVE-2010-3040
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-25.56% / 96.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-intelligent_contact_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1161
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.62% / 81.03%
||
7 Day CHG~0.00%
Published-21 May, 2009 | 14:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ciscoworks_lan_management_solutionunified_operations_managerciscoworks_qos_policy_managertelepresence_readiness_assessment_managerciscoworks_common_servicesciscoworks_voice_managerunified_provisioning_managersecurity_managerunified_service_monitorciscoworks_health_and_utilization_monitorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-0617
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 16:00
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_networking_managern/a
CWE ID-CWE-255
Not Available
CVE-2009-1119
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-10||HIGH
EPSS-13.07% / 93.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2009 | 19:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-replistorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.29% / 92.87%
||
7 Day CHG~0.00%
Published-27 Jan, 2009 | 22:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-autostartn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0616
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.50% / 65.10%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 16:00
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_networking_managern/a
CWE ID-CWE-255
Not Available
CVE-2009-1167
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-0.57% / 67.48%
||
7 Day CHG~0.00%
Published-29 Jul, 2009 | 17:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cisco_4100_wireless_lan_controllercisco_4400_wireless_lan_controllercisco_1500_wireless_lan_controllercisco_4200_wireless_lan_controllercisco_2100_wireless_lan_controllercisco_2000_wireless_lan_controllercatalyst_3750gn/a
CVE-2009-4919
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.66% / 81.32%
||
7 Day CHG~0.00%
Published-29 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asa_5580n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6314
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 76.78%
||
7 Day CHG~0.00%
Published-15 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-3531
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:41
Updated-13 Nov, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found