Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-4487

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-01 Mar, 2012 | 01:00
Updated At-17 Sep, 2024 | 00:26
Rejected At-
Credits

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:01 Mar, 2012 | 01:00
Updated At:17 Sep, 2024 | 00:26
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
vendor-advisory
x_refsource_CISCO
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:01 Mar, 2012 | 01:55
Updated At:11 Apr, 2025 | 00:51

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.0
cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.0\(1\)
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.0\(1a\)
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.0\(1b\)
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(1\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(1a\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(1b\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(2\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(2\)su1
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(2\)su1a
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(3\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(3a\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(3b\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(3b\)su1
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(4\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(4\)su1
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(4a\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(4a\)su2
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\)su2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(5\)
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(5\)su1
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(5\)su2
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>6.1\(5\)su3
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(1\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(1\)su1a
cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(2\)
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(2a\)
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(2a\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.0\(2a\)su2
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(2a\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(2a\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(2b\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(2b\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3a\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3a\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3a\)su1a
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3b\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3b\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(3b\)su2
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5\)su1a
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5a\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)su1
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)su1a
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)su2
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)su3
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>7.1\(5b\)su4
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_communications_manager>>8.0
cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucmpsirt@cisco.com
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucmaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

648Records found
CVE-2019-1590
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.68% / 70.71%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 14:50
Updated-20 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9272qnexus_9396pxnx-osnexus_9372pxnexus_9508nexus_93120txnexus_92304qcnexus_92160yc-xnexus_93128txnexus_93240yc-fx2nexus_93180yc-fxnexus_9000nexus_9372txnexus_9372tx-enexus_93108tc-fxnexus_93180yc-exnexus_9372px-enexus_9396txnexus_9336pqnexus_9332cnexus_9236cnexus_9364cnexus_92300ycnexus_9336c-fx2Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode
CWE ID-CWE-295
Improper Certificate Validation
CVE-2009-0055
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.25%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ironport_encryption_applianceironport_postxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12624
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.81% / 85.57%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:05
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs5760_wireless_lan_controllercatalyst_3850-nm-2-40gcatalyst_3850-12x48ucatalyst_4500e_supervisor_engine_8-ecatalyst_3650-8x24uqcatalyst_3650-12x48urcatalyst_3850-24uios_xecatalyst_3650-12x48uzcatalyst_3650-24pdcatalyst_3850-48xscatalyst_3850-24xucatalyst_3850-nm-8-10gcatalyst_3650-12x48uqcatalyst_3850-48ucatalyst_3650-48fqmcatalyst_3650-48fqcatalyst_3650-24pdmCisco IOS XE Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-9218
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.28%
||
7 Day CHG~0.00%
Published-26 Jan, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hybrid_meeting_serverCisco Hybrid Meeting Server 1.0
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-12636
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.50% / 64.91%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsf250-24psf250-08sg300-10p_firmwaresg300-52_firmwaresf250-08hp_firmwaresf250-10p_firmwaresg500-52mp_firmwaresf250-26sf250x-48p_firmwaresg300-52sf250-26_firmwaresg200-26sg500-28sg500x-48sg550x-48p_firmwaresx550x-24sg200-26_firmwaresg200-50p_firmwaresf200e48psg200-08psf250-24p_firmwaresf200-24_firmwaresg300-20sg500-28psx550x-12fsf200-48sf200e-24sf250x-48_firmwaresf350-48psf350-48sg550x-48mp_firmwaresg500x-24psf250-08_firmwaresf300-48psf300-24_firmwaresg500-52sf300-24mp_firmwaresf550x-24mp_firmwaresg500-28mpp_firmwaresg500-52psf200e-24psg350-28sf250-24sg500-52_firmwaresf250-26p_firmwaresf550x-48p_firmwaresg550x-48psg200-10fpsf300-24ppsf200e-48sf250-50hpsx550x-24ft_firmwaresg300-10mpp_firmwaresf250-50hp_firmwaresf550x-48_firmwaresf250-50psg200-50sg300-52mpsf250-18_firmwaresf250-26hp_firmwaresf250x-24psf250x-48psg350-10p_firmwaresg355-10psf200-48p_firmwaresg350-10psg200-26fp_firmwaresx550x-16ft_firmwaresg200-50psf302-08p_firmwaresg500-52mpsg300-52psf250-48sg300-20_firmwaresf250x-24sf500-24p_firmwaresf500-48sg300-10sfpsg550x-24_firmwaresg200-50fpsg300-28_firmwaresf302-08psg500-28mppsf500-24psf200-24p_firmwaresf302-08ppsf350-48p_firmwaresf300-48sg300-10sfp_firmwaresf550x-48mp_firmwaresf250-50sg350-28p_firmwaresf550x-24_firmwaresf250-48hp_firmwaresg300-28ppsf250-08hpsf250-26hpsg300-52mp_firmwaresg350-10mpsf500-48_firmwaresf550x-48psg500-28p_firmwaresg550x-24mppsf550x-24sf500-48psf200-24psg500-52p_firmwaresf500-48p_firmwaresf200e-24_firmwaresg300-28mpsf302-08mp_firmwaresf350-48mp_firmwaresf250-24_firmwaresg350-28mpsf302-08sg350-28mp_firmwaresg300-28pp_firmwaresf250-26psf200-24sx550x-24fsg500x-48psg350-10mp_firmwaresf302-08mpp_firmwaresf200e-48_firmwaresg355-10p_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwaresg300-10psg300-52p_firmwaresf300-48ppsg500x-24_firmwaresg550x-48_firmwaresf550x-24p_firmwaresg300-10mp_firmwaresf302-08_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sf250x-24_firmwaresg300-10mpsf250-18sf300-08sg300-10ppsf350-48_firmwaresx550x-24f_firmwaresg200-08sf250-50_firmwaresf250-10psf250x-24p_firmwaresg350-28psf200e48p_firmwaresg200-26fpsg200-26p_firmwaresf550x-48sf200e-24p_firmwaresg300-28sx550x-52_firmwaresg200-10fp_firmwaresg350-28_firmwaresg300-10_firmwaresg350-10sf250x-48sg550x-24mpsx550x-16ftsf300-24p_firmwaresg500x-24sg550x-48mpsg350-10_firmwaresx550x-24ftsx550x-52sg200-50fp_firmwaresg500x-24p_firmwaresg300-10pp_firmwaresf550x-24psg300-10sf500-24sf300-48p_firmwaresf350-48mpsg550x-24p_firmwaresf200-24fpsg300-10mppsg500xg-8f8t_firmwaresg300-28psg550x-24psg200-26psf200-48psf300-24psf300-24sg200-08_firmwaresf302-08mppsg550x-48sf302-08mpsf250-48_firmwaresf300-48pp_firmwaresf300-24mpsg300-28mp_firmwaresf550x-24mpsx550x-12f_firmwaresf302-08pp_firmwaresg550x-24mpp_firmwaresf250-48hpsg200-18sx550x-24_firmwaresg200-50_firmwaresg500x-48_firmwaresf300-08_firmwaresf200-48_firmwaresg500xg-8f8tsf250-50p_firmwaresg500-28_firmwaresf500-24_firmwaresf300-48_firmwaresf300-24pp_firmwaresg300-28p_firmwareCisco Small Business 250 Series Smart Switches Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-34739
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.25% / 48.01%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:40
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Series Switches Session Credentials Replay Vulnerability

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sf550x-48mpsf500-24mp_firmwarecbs350-48t-4gsf250-08hp_firmwaresf250-10p_firmwaresg500-52mp_firmwaresf250-26cbs350-24mgp-4x_firmwaresf250x-48p_firmwaresf250-26_firmwarecbs350-8xtsg200-26sg500-28cbs350-8p-2gsg350x-24mpsx550x-24cbs350-24xtsg550x-48p_firmwaresg200-50p_firmwaresg200-08psf250-24p_firmwaresf200-24_firmwarecbs250-48p-4x_firmwaresg550xg-8f8t_firmwarecbs250-8pp-e-2g_firmwarecbs250-24pp-4g_firmwarecbs350-24xts_firmwaresg350xg-24tsg550xg-48t_firmwarecbs350-12xt_firmwaresf350-48psg550xg-48tesw2-350g-52dcsg500x-24pesw2-350g-52_firmwarecbs350-24t-4x_firmwaresf250-08_firmwarecbs350-16t-e-2g_firmwaresg500-52sx350x-24f_firmwaresf300-24mp_firmwarecbs350-48p-4g_firmwaresf550x-24mp_firmwarecbs350-16p-e-2g_firmwarecbs350-24p-4xsg350x-24mp_firmwaresf250-26p_firmwaresf550x-48p_firmwaresg200-10fpcbs350-24p-4gsx550x-24ft_firmwaresg350x-12pmvcbs350-48p-4x_firmwarecbs350-16p-2g_firmwarecbs350-24fp-4g_firmwaresg350x-24cbs250-8t-e-2gcbs350-8mp-2x_firmwaresf550x-48_firmwaresf350-28mpcbs350-8fp-e-2gcbs350-12xs_firmwaresg550xg-8f8tsf250-50pcbs350-16t-e-2gcbs350-12xtsg550xg-24tsf250-18_firmwaresf250-26hp_firmwaresg200-50psg200-26fp_firmwaresf302-08p_firmwarecbs350-48fp-4g_firmwaresg300-52pcbs350-16t-2gsf350-20_firmwaresf352-08_firmwaresf352-08mpsg350x-24pv_firmwarecbs350-48p-4xsf500-24p_firmwarecbs350-48xt-4x_firmwaresg500x-48mp_firmwaresg300-10sfpsf500-24mpcbs350-8mgp-2x_firmwaresf302-08psg300-28_firmwaresf500-24pcbs350-48fp-4gsf200-24p_firmwaresf302-08ppsg350xg-48t_firmwaresf300-48sx350x-24_firmwaresg300-10sfp_firmwaresf550x-48mp_firmwarecbs250-8t-dsf350-52sf550x-24_firmwaresf350-10_firmwaresf250-48hp_firmwaresg300-28ppsf250-08hpsg300-52mp_firmwaresf500-48_firmwarecbs350-24t-4gsg500-28p_firmwaresf550x-48psg550x-24mppsf350-20sf500-48psg350xg-24f_firmwaresg500x-24mpp_firmwarecbs250-24fp-4g_firmwaresg300-28mpsf302-08mp_firmwaresf350-24mpsf250-24_firmwaresf302-08sg350x-48sg300-28pp_firmwarecbs350-48fp-4xcbs250-16p-2gsf302-08mpp_firmwarecbs350-12xssg300-52p_firmwaresf500-48mpsg300-10pcbs250-24p-4x_firmwaresf550x-24p_firmwarecbs250-48p-4xsg300-10mp_firmwarecbs350-24fp-4x_firmwaresg200-08p_firmwaresf200-24fp_firmwaresg550x-24sf350-52psf250x-24_firmwaresf300-08cbs250-8pp-e-2gcbs350-16t-2g_firmwaresg350xg-2f10_firmwaresf350-48_firmwaresx550x-24f_firmwarecbs250-24p-4gsg200-08sf250-50_firmwaresf250-10psf250x-24p_firmwaresx350x-52cbs350-8p-e-2g_firmwaresg350xg-48tcbs250-24t-4g_firmwarecbs350-24xssg350x-8pmdsg300-10_firmwaresg350x-48pcbs250-24fp-4x_firmwaresg500x-24sx550x-16ftsf350-10sfp_firmwaresx550x-24ftsx550x-52sf350-52p_firmwarecbs350-8p-2g_firmwaresg500x-24p_firmwarecbs350-24ngp-4xcbs350-48fp-4x_firmwaresg550x-24p_firmwaresf200-24fpsg500xg-8f8t_firmwarecbs250-8p-e-2gsf300-24psg550xg-24t_firmwaresf302-08mppsf302-08mpsf250-48_firmwaresg350x-48p_firmwarecbs250-8t-d_firmwaresg300-28mp_firmwarecbs250-48t-4xsx350x-24fsf550x-24mpcbs250-24t-4xcbs250-8fp-e-2gsg550x-24mpp_firmwarecbs350-16p-2gsg200-18sg350xg-24fsg500x-48mpcbs350-12np-4x_firmwarecbs350-24xt_firmwaresf200-48_firmwaresg500xg-8f8tsg300-28sfp_firmwaresg500-28_firmwarecbs250-16t-2g_firmwarecbs350-16xtssf350-28psf350-8pdsf355-10p_firmwarecbs250-48p-4gsf300-24pp_firmwarecbs350-24xs_firmwaresx350x-12_firmwarecbs250-48t-4x_firmwaresf250-24psf250-08sg300-10p_firmwaresf350-10psg300-52_firmwaresf350-24pesw2-550x-48dc_firmwaresg300-52sx350x-24sg500x-48cbs250-8p-e-2g_firmwaresg200-26_firmwaresf350-24sg300-20sg500-28pcbs350-48p-4gsg350x-48_firmwaresx550x-12fsf200-48cbs350-8xt_firmwarecbs350-48ngp-4x_firmwaresf350-24mp_firmwaresf250x-48_firmwaresg350x-24_firmwaresf350-48sg550x-48mp_firmwaresf350-52mp_firmwaresf350-52mpsf300-24_firmwaresf300-48psf350-10sfpesw2-550x-48_firmwaresf350-28mp_firmwaresg350x-48pvsg500-28mpp_firmwaresg500-52pcbs250-8pp-dsf250-24sg500-52_firmwarecbs350-24mgp-4xsg550x-48psf300-24ppcbs250-24fp-4gcbs350-8mgp-2xcbs250-24p-4xcbs250-16p-2g_firmwaresg350x-48mp_firmwaresf250-50hpsg550xg-24f_firmwarecbs350-24xtssf350-8mpsg350x-12pmv_firmwaresf352-08mp_firmwaresg300-10mpp_firmwaresf350-24p_firmwaresf250-50hp_firmwarecbs350-48xt-4xsf350-24_firmwarecbs350-24p-4g_firmwaresg200-50cbs350-24t-4xsg300-52mpsf250x-24psf250x-48psf200-48p_firmwarecbs350-24s-4g_firmwaresx550x-16ft_firmwaresf352-08sg500-52mpsx350x-12cbs350-24p-4x_firmwaresf250-48cbs250-48pp-4gsg300-20_firmwaresf350-28sfp_firmwarecbs350-48t-4x_firmwaresf250x-24cbs250-48t-4gcbs350-24t-4g_firmwarecbs350-48t-4xcbs350-24ngp-4x_firmwarecbs250-16t-2gsf500-48cbs350-8t-e-2g_firmwarecbs350-8fp-2g_firmwaresg550x-24_firmwarecbs250-24fp-4xsg200-50fpsg500-28mppcbs350-8fp-2gcbs250-48p-4g_firmwaresf350-8pd_firmwarecbs350-8s-e-2gsf350-48p_firmwarecbs250-48t-4g_firmwaresf350-10mp_firmwaresg350x-24pd_firmwaresf350-08sf250-50cbs250-24p-4g_firmwaresg350xg-2f10sg350x-8pmd_firmwaresf250-26hpcbs250-8t-e-2g_firmwaresf550x-24sg500-52p_firmwaresf200-24psf500-48p_firmwaresf350-28sf250-26psf200-24sx550x-24fsg500x-48pcbs250-8fp-e-2g_firmwaresg550x-24mp_firmwaresg500x-48p_firmwaresg200-18_firmwarecbs250-24t-4gesw2-350g-52cbs350-8t-e-2gsf300-48ppsg500x-24_firmwaresf350-10mpsg350xg-24t_firmwaresg550x-48_firmwaresg350x-24p_firmwaresf302-08_firmwaresg300-10mpsf350-28_firmwaresf350-10p_firmwaresx350x-52_firmwarecbs350-24s-4gsf250-18sf352-08pesw2-550x-48dcsg300-10ppsf350-8mp_firmwarecbs250-24t-4x_firmwareesw2-550x-48sf350-28p_firmwaresg200-26fpsg200-26p_firmwaresx350x-08_firmwaresf550x-48sf350-10sg350x-48pv_firmwaresg350x-24pdsg300-28sx550x-52_firmwaresg200-10fp_firmwaresg550xg-24fsf250x-48sg550x-24mpcbs350-8mp-2xsf300-24p_firmwarecbs350-16p-e-2gsg550x-48mpsg200-50fp_firmwarecbs350-16fp-2gsg300-10pp_firmwaresf500-24sf550x-24pcbs350-8p-e-2gsg300-10sf352-08p_firmwarecbs250-24pp-4gcbs350-24fp-4xsf300-48p_firmwaresg300-10mppcbs250-48pp-4g_firmwarecbs350-24fp-4gsg550x-24psg200-26psf200-48psf300-24sg350x-24pvsg300-28pesw2-350g-52dc_firmwaresg200-08_firmwaresg350x-48mpsx350x-08cbs350-16fp-2g_firmwarecbs350-48ngp-4xsg500x-24mppsg300-28sfpsg550x-48sf300-48pp_firmwaresf300-24mpsg350x-24pcbs350-8fp-e-2g_firmwaresf350-52_firmwaresf350-28sfpsx550x-12f_firmwaresf302-08pp_firmwaresf250-48hpcbs350-8s-e-2g_firmwaresx550x-24_firmwarecbs350-48t-4g_firmwaresg500x-48_firmwaresg200-50_firmwaresf300-08_firmwarecbs350-12np-4xsf250-50p_firmwaresf500-24_firmwaresf350-08_firmwarecbs350-16xts_firmwaresf500-48mp_firmwaresf300-48_firmwarecbs250-8pp-d_firmwaresf355-10psg300-28p_firmwareCisco Small Business Smart and Managed Switches
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2013-6976
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 73.58%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3925n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6444
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_serverCisco Meeting Server 1.8, 1.9, 2.0
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15409
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.39%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetings_serverwebex_business_suite_31webex_meetings_onlinewebex_business_suite_33Cisco WebEx WRF Player
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1272
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.99%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:56
Updated-12 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-3549
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.53% / 66.26%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:35
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerfirepower_threat_defenseCisco Firepower Management Center
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-15402
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 20:00
Updated-26 Nov, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_virtualization_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6417
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6442
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.60%
||
7 Day CHG~0.00%
Published-27 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-finesseCisco Finesse 11.0(1)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6377
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.34% / 55.63%
||
7 Day CHG~0.00%
Published-03 Sep, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-media_origination_system_suiten/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-6468
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-14 Dec, 2016 | 00:37
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_responderCisco Emergency Responder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-6427
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centerunified_contact_center_expressn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-3135
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.30%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:25
Updated-13 Nov, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-3456
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.23%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:36
Updated-13 Nov, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4150firepower_9300_sm-24firepower_9300_sm-36firepower_4110firepower_extensible_operating_systemfirepower_9300_sm-48firepower_4125firepower_4112firepower_4140firepower_9300_sm-44_x_3firepower_9300_sm-40firepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_4115firepower_9300_sm-44Cisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1448
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.88%
||
7 Day CHG~0.00%
Published-17 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1443
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.36% / 57.25%
||
7 Day CHG~0.00%
Published-07 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-amp_threat_grid_appliancen/a
CVE-2016-1470
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.44%
||
7 Day CHG~0.00%
Published-02 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-small_business_220_series_smart_plus_switchesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0107
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 06:00
Updated-02 Dec, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_service_catalogCisco Prime Service Catalog
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0287
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.11% / 83.40%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_onlineCisco WebEx Advanced Recording Format Player
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0255
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 20:00
Updated-29 Nov, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosCisco Industrial Ethernet Switches
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0210
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.50%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvg88291.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-9805
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-94.39% / 99.97%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 19:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

Action-Not Available
Vendor-Cisco Systems, Inc.NetApp, Inc.The Apache Software Foundation
Product-strutsoncommand_balancedigital_media_managervideo_distribution_suite_for_internet_streaminghosted_collaboration_solutionnetwork_performance_analysismedia_experience_engineApache StrutsStruts
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-0365
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_management_center_2500firepower_appliance_8120amp_7150firepower_management_center_virtual_appliancefirepower_appliance_7050firepower_appliance_7010_firmwarefirepower_management_center_1000_firmwaresecure_firewall_management_centerfirepower_management_center_4500_firmwarefirepower_appliance_8250_firmwarefirepower_management_center_4500firepower_appliance_8270_firmwarefiresight_management_center_750_firmwarefirepower_management_center_2000_firmwarefirepower_appliance_8140firepower_appliance_7030firesight_management_center_3500_firmwarefirepower_appliance_8250firesight_management_center_3500firepower_appliance_8120_firmwarefirepower_appliance_8290firepower_appliance_7110_firmwarefirepower_appliance_8130firepower_appliance_8360_firmwarefirepower_appliance_8260_firmwarefirepower_appliance_8350_firmwarefirepower_management_center_1000firepower_appliance_7030_firmwarefirepower_appliance_8390firepower_management_center_2500_firmwarefiresight_management_center_750firepower_management_center_2000firesight_management_center_1500firesight_management_center_1500_firmwareamp_8150amp_8150_firmwarefirepower_appliance_7125amp_7150_firmwarefirepower_appliance_8290_firmwarefirepower_appliance_8390_firmwarefirepower_appliance_7115_firmwarefirepower_appliance_8370firepower_appliance_7020firepower_appliance_8350firepower_management_center_4000_firmwarefirepower_appliance_7110firepower_appliance_7010firepower_appliance_8370_firmwarefirepower_appliance_7125_firmwarefirepower_appliance_8360firepower_appliance_8260firepower_appliance_7120_firmwarefirepower_appliance_8130_firmwarefirepower_appliance_7115firepower_appliance_8140_firmwarefirepower_appliance_7120firepower_appliance_7020_firmwarefirepower_management_center_4000ngips_virtual_appliancefirepower_appliance_8270firepower_appliance_7050_firmwareCisco Firepower Management Center unknown
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0270
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-17 May, 2018 | 03:00
Updated-29 Nov, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. This vulnerability affects Connected Grid Network Management System, if running a software release prior to IoT-FND Release 3.0; and IoT Field Network Director, if running a software release prior to IoT-FND Release 4.1.1-6 or 4.2.0-123. Cisco Bug IDs: CSCvi02448.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0379
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.28%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meeting_serverwebex_business_suitewebex_meetings_onlineCisco Webex Network Recording Players unknown
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-20798
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.75%
||
7 Day CHG+0.01%
Published-15 Jun, 2022 | 17:55
Updated-01 Nov, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manageremail_security_applianceCisco Email Security Appliance (ESA)
CWE ID-CWE-287
Improper Authentication
CVE-2020-16137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-73.25% / 98.74%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 20:07
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_conference_station_7937g_firmwareunified_ip_conference_station_7937gn/a
CVE-2018-0461
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.02%
||
7 Day CHG-0.05%
Published-10 Jan, 2019 | 16:00
Updated-19 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8865ip_phone_8841ip_phone_8861ip_phone_8851ip_phone_8845ip_phone_8800_series_firmwareip_phone_8811Cisco IP Phone 8800 Series Software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-0363
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.69%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_manager_im_and_presence_serviceCisco Unified Communications Manager IM & Presence Service unknown
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0439
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.01%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Meeting Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0446
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.98%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-network_level_serviceCisco Industrial Network Director
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0402
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.60%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_contact_center_expressunified_ip_interactive_voice_responseCisco Unified Contact Center Express unknown
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0148
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.53%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 00:00
Updated-02 Dec, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ucs_directorCisco UCS Director and Cisco Integrated Management Controller Supervisor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0262
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-4.39% / 88.55%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_serverCisco Meeting Server
CWE ID-CWE-16
Not Available
CVE-2018-0087
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.28% / 50.90%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential validation. An attacker could exploit this vulnerability by using FTP to connect to the management IP address of the targeted device. A successful exploit could allow the attacker to log in to the FTP server of the Cisco WSA without having a valid password. This vulnerability affects Cisco AsyncOS for WSA Software on both virtual and hardware appliances that are running any release of Cisco AsyncOS 10.5.1 for WSA Software. The device is vulnerable only if FTP is enabled on the management interface. FTP is disabled by default. Cisco Bug IDs: CSCvf74281.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asyncosCisco Web Security Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2018-0451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.69%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-tetration_analyticsCisco Tetration Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0215
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-02 Dec, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCuv32863.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0364
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 11:00
Updated-29 Nov, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_domain_managerCisco Unified Communications Domain Manager unknown
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-0264
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meeting_serverwebex_business_suite_31webex_meetingswebex_business_suite_32Cisco WebEx Advanced Recording Format file players
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0445
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-packaged_contact_center_enterpriseCisco Packaged Contact Center Enterprise
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6330
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaboration_assurancen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6262
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-25 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6304
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_server_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6405
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.65%
||
7 Day CHG~0.00%
Published-13 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6373
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 30.94%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found