Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-12285

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-19 Oct, 2017 | 08:00
Updated At-05 Aug, 2024 | 18:36
Rejected At-
Credits

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:19 Oct, 2017 | 08:00
Updated At:05 Aug, 2024 | 18:36
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.

Affected Products
Vendor
n/a
Product
Cisco Network Analysis Module
Versions
Affected
  • Cisco Network Analysis Module
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20
Type: CWE
CWE ID: CWE-20
Description: CWE-20
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/101527
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1039623
vdb-entry
x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/101527
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1039623
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/101527
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1039623
vdb-entry
x_refsource_SECTRACK
x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101527
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039623
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:19 Oct, 2017 | 08:29
Updated At:20 Apr, 2025 | 01:37

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P
CPE Matches

Cisco Systems, Inc.
cisco
>>prime_network_analysis_module>>6.2\(1b\)
cpe:2.3:a:cisco:prime_network_analysis_module:6.2\(1b\):*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarypsirt@cisco.com
CWE-20Primarynvd@nist.gov
CWE-22Primarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@cisco.com
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/101527psirt@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039623psirt@cisco.com
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nampsirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/101527af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039623af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-namaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101527
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039623
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101527
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039623
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1581Records found

CVE-2019-1984
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 75.89%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:30
Updated-21 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructure_sofwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1435
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.32% / 54.18%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:05
Updated-23 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-4687
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1448
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.94%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4112firepower_4150firepower_4140firepower_4145firepower_4110firepower_4120firepower_4115firepower_4125firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1962
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 18:50
Updated-19 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_56128pucs_6332-16upucs-6296upnx-osnexus_3636c-rn9k-c9236c7000_10-slotnexus_7000_supervisor_2nexus_3524-x\/xlnexus_6004nexus_7700_supervisor_3en9k-c9504-fm-rmds_9506n7k-f248xp-25en9k-x96136yc-rmds_9250in9k-c93180yc-exn77-f324fq-25n9k-x9636q-rnexus_5020nexus_7700_supervisor_2e7700_2-slotx9636q-rnexus_5548pnexus_5648qmds_9718n9k-c9272qn9k-x9732c-exn7k-f306ck-25mds_9148smds_9513nexus_36180yc-rmds_9148tnexus_5672upn77-f312ck-26mds_9132tn7k-m348xp-25lmds_95097000_4-slotn9k-x9636c-rxn9k-x9736c-fxmds_9706nexus_5596upmds_92167700_6-slotnexus_7000_supervisor_1nexus_3548-x\/xln7k-m206fq-23lmds_9216anexus_5696qx96136yc-rn77-f348xp-23ucs_6248up7000_18-slotn77-m324fq-25lnexus_3048nexus_6001n7k-m202cf-22ln9k-c9508-fm-rucs_6324n9k-c93180yc-fxn7k-f312fq-25mds_9396t7000_9-slotmds_9396sx9636c-rucs_6332n77-m312cq-26lnexus_5548upn7k-m324fq-25lmds_9222inexus_5010nexus_7000_supervisor_2ex9636c-rx7700_10-slotn77-f430cq-36n77-m348xp-23lmds_9216i7700_18-slotnexus_5596tn9k-c92160yc-xnexus_5624qmds_9710n9k-c93180lc-exn9k-x9636c-rn7k-m224xp-23lnexus_5672up-16gCisco Unified Computing System (Managed)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1839
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:10
Updated-20 Nov, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cbr-8_firmwareremote_phy_120remote_phy_120_firmwareremote_phy_shelf_7200_firmwareremote_phy_220_firmwarecbr-8remote_phy_220remote_phy_shelf_7200Cisco Remote PHY
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1716
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-7.27% / 91.27%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 20:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_ip_conferenece_phone_8831ip_phone_8821-ex_firmwareip_phone_8821ip_phone_8800ip_conference_phone_7800ip_phone_8821_firmwareip_phone_8821-exip_conference_phone_7800_firmwareunified_ip_conferenece_phone_8831_firmwareip_phone_8800_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Phone 7800 Series and 8800 SeriesCisco Unified IP Conference Phone 8831
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3050
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.43%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2819
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-06 Aug, 2010 | 19:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firewall_services_module_softwarecatalyst_6500firewall_services_modulecatalyst_7600n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1740
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.05% / 76.67%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:25
Updated-19 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and Cisco IOS-XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1886
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.85% / 73.97%
||
7 Day CHG~0.00%
Published-04 Jul, 2019 | 19:50
Updated-19 Nov, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosweb_security_applianceCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-295
Improper Certificate Validation
CVE-2010-2827
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-16 Aug, 2010 | 18:25
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2840
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_presence_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16011
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.28%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 20:40
Updated-15 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_10134431_integrated_services_routerasr_1002-hx1100_integrated_services_routerios_xe4221_integrated_services_router4331_integrated_services_routerasr_10064461_integrated_services_routerasr_1001-xasr_1001-hxasr_1004asr_1002-xcsr1000vasr_1009-xasr_1006-xCisco IOS XE SD-WAN Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1561
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.24% / 78.41%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pgw_2200_softswitchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1563
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.24% / 78.41%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pgw_2200_softswitchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1562
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.10% / 77.13%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pgw_2200_softswitchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6426
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_network_services_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1577
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.15% / 77.62%
||
7 Day CHG~0.00%
Published-27 Jul, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-internet_streamercontent_delivery_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-1571
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 62.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_contact_center_expresscustomer_response_solutionunified_ip_interactive_voice_responsen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-1576
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.07%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ace_4710content_services_switch_11500n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1567
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.24% / 78.41%
||
7 Day CHG~0.00%
Published-14 May, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-pgw_2200_softswitchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6369
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6357
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.93% / 90.28%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6291
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-1.10% / 77.13%
||
7 Day CHG~0.00%
Published-06 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0146
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.44% / 62.47%
||
7 Day CHG~0.00%
Published-23 Feb, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-security_agentn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-6374
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-19 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6407
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.19% / 41.42%
||
7 Day CHG~0.00%
Published-13 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6260
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.03%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Zyxel Networks Corporation
Product-nexus_5596upgs1900-10hp_firmwarenexus_5672upnexus_5548pnexus_5648qnexus_5696qnexus_5548upnexus_5596tnexus_5624qnexus_56128pn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6365
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.18% / 40.23%
||
7 Day CHG~0.00%
Published-14 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1174
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.13% / 91.83%
||
7 Day CHG~0.00%
Published-29 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-tftp_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6256
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.46% / 62.97%
||
7 Day CHG~0.00%
Published-22 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_5000_series_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6282
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.57%
||
7 Day CHG~0.00%
Published-25 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6259
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.4||HIGH
EPSS-1.06% / 76.77%
||
7 Day CHG~0.00%
Published-04 Sep, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-integrated_management_controller_supervisorunified_computing_system_directorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-5038
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.85% / 73.98%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-4921
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.49%
||
7 Day CHG~0.00%
Published-29 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asa_5580n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12699
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 39.20%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300firepower_4100firepower_2100firepower_threat_defensefirepower_9300_firmwarefirepower_extensible_operating_systemfirepower_1000Cisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-3268
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosunified_border_elementn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4329
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.26%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_video_communication_server_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3335
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.91% / 74.94%
||
7 Day CHG~0.00%
Published-26 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrasr_9904asr_9000_rsp440_routerasr_9922asr_9001asr_9006asr_9010asr_9912n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3314
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.35% / 57.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-anyconnect_secure_mobility_clientn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3348
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.82% / 82.11%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_e140s_m1unified_computing_system_e140dunified_computing_system_e160dpunified_computing_system_e160dunified_computing_system_e140dpunified_computing_system_en120s_m2integrated_management_controllerunified_computing_system_e140s_m2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4278
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.42%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliance_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3310
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.27%
||
7 Day CHG~0.00%
Published-10 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_serverwebex_meeting_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3285
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.14% / 77.56%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wide_area_application_servicesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3337
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.47% / 84.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_domain_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3391
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.32%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3331
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.79%
||
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_5000_series_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3323
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-18 Jul, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_contact_center_enterprisen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-3340
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4||MEDIUM
EPSS-0.45% / 62.74%
||
7 Day CHG~0.00%
Published-20 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetmenown/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 31
  • 32
  • Next
Details not found