Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-1506

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-06 May, 2021 | 12:41
Updated At-08 Nov, 2024 | 23:19
Rejected At-
Credits

Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:06 May, 2021 | 12:41
Updated At:08 Nov, 2024 | 23:19
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco SD-WAN vManage
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20
Type: CWE
CWE ID: CWE-20
Description: CWE-20
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:06 May, 2021 | 13:15
Updated At:07 Nov, 2023 | 03:28

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Cisco Systems, Inc.
cisco
>>catalyst_sd-wan_manager>>Versions from 20.4(inclusive) to 20.4.1(exclusive)
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>catalyst_sd-wan_manager>>Versions from 20.5(inclusive) to 20.5.1(exclusive)
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>sd-wan_vmanage>>Versions before 20.3.3(exclusive)
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE-20Secondaryykramarz@cisco.com
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2863Records found
CVE-2018-0125
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-39.59% / 97.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 07:00
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv134wrv132wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134WVPN Routers
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0336
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.20% / 78.55%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaborationCisco Prime Collaboration Provisioning unknown
CWE ID-CWE-264
Not Available
CWE ID-CWE-862
Missing Authorization
CVE-2020-3425
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.98% / 76.40%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4xcatalyst_c9300-24pws-c3650-24pdws-c3650-48fsws-c3850-48pws-c3650-24tdcatalyst_c9300-48pws-c3850-24pcatalyst_c9300-48u1100_integrated_services_routerws-c3650-8x24uq4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_9800-l-cws-c3650-48tscatalyst_c9200-24pws-c3850catalyst_c9300-48tcatalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4gcatalyst_c9500-12q111x_integrated_services_routercatalyst_c9500-24qws-c3650-12x48urasr_1006-xcatalyst_c9200-48tcatalyst_9800-lcatalyst_c9300-24sasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4cws-c3650-12x48uqcatalyst_c9200l-24t-4gws-c3650-48tdws-c3650-24pscloud_services_router_1000v4221_integrated_services_routerws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdcatalyst_9800-clws-c3650-48tqcatalyst_c9500-32ccatalyst_c9200l-48p-4gasr_1001-hxasr_1002-xws-c3650-12x48uzcatalyst_c9300l-24p-4gasr_1009-xws-c3850-12s4451-x_integrated_services_routercatalyst_c9500-32qcws-c3850-48xsws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48f1160_integrated_services_routerws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48psasr_1002-hxcatalyst_c9300l-24t-4gintegrated_services_virtual_routerws-c3850-24tcatalyst_c9200l-24pxg-2yws-c3860ws-c3850-24ucatalyst_c9300l-24t-4xcatalyst_9800-80catalyst_9800-l-fws-c3650-24tsasr_10041109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gcatalyst_c9200-48p1120_integrated_services_routerws-c3650-48pdcatalyst_c9300-48uncatalyst_c9200l-24t-4x1111x_integrated_services_routercatalyst_c9300-48uxmws-c3650-48pqcatalyst_9800-404321_integrated_services_routercatalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xcatalyst_c9500-40xios_xecatalyst_c9300l-48t-4gcatalyst_c9500-48y4casr_1006ws-c3850-24sws-c3850-24xscatalyst_c9300-24uxcatalyst_c9200-24tasr_1001-xws-c3650-24pdm1101_integrated_services_routerws-c3850-12xsws-c3650-48fqmws-c3850-48t4351_integrated_services_routercatalyst_c9200l-48p-4xCisco IOS XE Software 16.1.1
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3881
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.28% / 99.93%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 22:00
Updated-12 Jan, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3560cx-8tc-scatalyst_4948e_ethernet_switchcatalyst_2960xr-48lpd-icatalyst_2960x-24ts-lcatalyst_2975ie_2000-4ts_industrial_ethernet_switchcatalyst_2960l-8ts-llcatalyst_4900mcatalyst_3750_metro_24-acembedded_service_2020_24tc_ncp_bcatalyst_2960g-24tc-lie-3010-16s-8pc_industrial_ethernet_switchie-4000-8gt8gp4g-e_industrial_ethernet_switchcatalyst_2960cx-8tc-lcatalyst_2960cpd-8pt-lcatalyst_2960s-48ts-scatalyst_2960-48pst-scatalyst_2960-plus_48tc-lcatalyst_2960xr-48lps-icatalyst_3750-24pscatalyst_3560-24tscatalyst_3750x-48t-lcatalyst_2960x-48lpd-lme_4924-10gecatalyst_2960x-24ts-llenhanced_layer_2\/3_etherswitch_service_moduleie-4000-8s4g-e_industrial_ethernet_switchcatalyst_3560e-48pd-efcatalyst_3550_48_smicatalyst_3750g-24pscatalyst_2960xr-48fps-lcatalyst_2960-48tt-scatalyst_2960xr-48ts-icatalyst_3560v2-48pscatalyst_2960l-48ps-llcatalyst_2960s-24ps-lcatalyst_2960xr-24td-lcatalyst_3560e-12d-ecatalyst_2960xr-48td-lcatalyst_2918-24tc-ccatalyst_switch_module_3110catalyst_2960-48tt-lcatalyst_2350-48td-scatalyst_2960xr-24pd-lcatalyst_3750-48pscatalyst_2960s-f48lps-lcatalyst_2960l-16ts-llcatalyst_2960-24pc-scatalyst_2970g-24tscatalyst_3560x-48t-lcatalyst_2960c-8tc-lcatalyst_3560-8pccatalyst_2960xr-24ts-lcatalyst_3560e-24td-scatalyst_3750g-24tsembedded_service_2020_24tc_con_bembedded_service_2020_24tc_concatalyst_2960cpd-8tt-lcatalyst_2970g-24tcatalyst_3560x-48t-sie-4000-16gt4g-e_industrial_ethernet_switchgigabit_ethernet_switch_module_\(cgesm\)catalyst_3560e-48pd-scatalyst_2960-24lt-lcatalyst_3550_24_pwrcatalyst_3560e-24pd-ecatalyst_3750x-24u-eie_3000-4tc_industrial_ethernet_switchcatalyst_3560-48tscatalyst_3750x-48pf-eie-4000-4s8p4g-e_industrial_ethernet_switchcatalyst_3750x-48u-lcatalyst_3750e-48pd-sfcatalyst_2960x-24pd-lie-4000-4tc4g-e_industrial_ethernet_switchcatalyst_2960-plus_48pst-scatalyst_blade_switch_3020catalyst_3750v2-48pscatalyst_2960xr-48fps-icatalyst_4000_supervisor_engine_iie_2000-16tc-g-x_industrial_ethernet_switchcatalyst_3750e-48td-sie_2000-16t67p_industrial_ethernet_switchcatalyst_3560c-8pc-scatalyst_2960xr-24ts-icatalyst_3560-24pscatalyst_3750x-48t-ecatalyst_2960s-48lps-lcatalyst_2918-48tt-ccatalyst_3560-12pc-scatalyst_2960l-24ps-llcatalyst_3750x-48p-lcatalyst_2960xr-24ps-lcatalyst_2960xr-48fpd-icatalyst_blade_switch_3040catalyst_2960-24-scatalyst_2960s-24ts-lie_2000-8t67p_industrial_ethernet_switchcatalyst_4948_10_gigabit_ethernet_switchcatalyst_2960x-48fps-lcatalyst_2960x-24psq-lcatalyst_4500e_supervisor_engine_8-ecatalyst_2960x-24ps-lcatalyst_3560g-24tscatalyst_2960s-48td-lcatalyst_2960xr-24pd-icatalyst_3560x-24p-scatalyst_2960g-8tc-lcatalyst_3560x-48p-ecatalyst_3750g-16tdcatalyst_4500_supervisor_engine_6-ecatalyst_3560x-48u-scatalyst_3560v2-24pscatalyst_3550_12tie_2000-8tc_industrial_ethernet_switchcatalyst_2960c-8pc-lembedded_service_2020_ncp_bcatalyst_3560x-24u-ecatalyst_3750-24tsie-3010-24tc_industrial_ethernet_switchcatalyst_3750x-24s-scatalyst_2960x-48ts-lcatalyst_3750x-24t-scatalyst_3750x-48pf-lcatalyst_3750e-24pd-ecatalyst_2960s-f48fps-lcatalyst_3750e-24pd-sie-4000-4t4p4g-e_industrial_ethernet_switchcatalyst_2960cg-8tc-lcatalyst_switch_module_3110xie-4000-8gs4g-e_industrial_ethernet_switchcatalyst_2960s-24ts-scatalyst_2960l-24ts-llie_2000-16t67_industrial_ethernet_switchcatalyst_3560e-12sd-scatalyst_3560cx-12pc-scatalyst_2960s-48ts-lcatalyst_2960x-48lps-lcatalyst_2960s-48fps-lie-5000-16s12p_industrial_ethernet_switchcatalyst_2960c-12pc-lcatalyst_3560x-24t-scatalyst_3560cg-8pc-scatalyst_4500_supervisor_engine_vcatalyst_3750e-48pd-efcatalyst_3750v2-24pscatalyst_3750e-24td-scatalyst_3550_24_smicatalyst_4948e-f_ethernet_switchie_2000-16tc-g-e_industrial_ethernet_switchcatalyst_2960s-24td-lcatalyst_3560x-24u-lcatalyst_2960s-f48ts-scatalyst_4500_supervisor_engine_ivcatalyst_2960s-f24ts-lios_xecatalyst_3560x-48pf-scatalyst_3560e-24pd-scatalyst_2960-8tc-sie_2000-8tc-g_industrial_ethernet_switchcatalyst_2960-plus_24tc-scatalyst_3560x-48u-ecatalyst_3560x-48p-scatalyst_blade_switch_3120xcatalyst_3560e-48td-scatalyst_3750_metro_24-dccatalyst_2960-plus_24lc-lcatalyst_2960-plus_24pc-scatalyst_3560x-48t-ecatalyst_4928_10_gigabit_ethernet_switchcatalyst_3750e-48pd-ecatalyst_2960-24tc-lcatalyst_2960l-16ps-llcatalyst_2960pd-8tt-lcatalyst_3560cg-8tc-ssm-x_layer_2\/3_etherswitch_service_moduleie_2000-8tc-g-n_industrial_ethernet_switchcatalyst_2960-24pc-lcatalyst_2960-plus_48pst-lcatalyst_2960xr-24td-icatalyst_3750-24fscatalyst_3750g-24tcatalyst_4000_supervisor_engine_vcatalyst_3560x-48u-lie-5000-12s12p-10g_industrial_ethernet_switchcatalyst_3750x-24t-lie_2000-16tc-g-n_industrial_ethernet_switchcatalyst_3560x-24p-lcatalyst_4948catalyst_3750g-24ts-1uie-4000-8t4g-e_industrial_ethernet_switchcatalyst_3560x-24t-lcatalyst_3750x-24p-scatalyst_3560x-24u-scatalyst_3750x-24u-scatalyst_3560c-12pc-scatalyst_2960-24tc-scatalyst_2960s-f24ps-lcatalyst_3750e-48pd-scatalyst_2350-48td-sdcatalyst_3750g-48tscatalyst_2960s-48fpd-lie-4000-4gc4gp4g-e_industrial_ethernet_switchcatalyst_3750v2-24fscatalyst_3750g-12s-sdcatalyst_4500_supervisor_ii-plus-10gecatalyst_3560e-12d-scatalyst_3560g-24pscatalyst_2960xr-48lpd-lcatalyst_3750x-24t-ecatalyst_2960-48tc-scatalyst_2960cx-8pc-lcatalyst_3750e-48td-ecatalyst_3750x-12s-ecatalyst_3560cx-8pt-scatalyst_3750v2-48tscatalyst_2960x-48td-lcatalyst_2960-8tc-lcatalyst_2960-plus_24lc-srf_gateway_10catalyst_3560e-12sd-eie_2000-4t_industrial_ethernet_switchcatalyst_3560cx-8pc-scatalyst_c2928-24lt-cioscatalyst_3560v2-24tscatalyst_4500_supervisor_engine_6l-eie-4000-8gt4g-e_industrial_ethernet_switchcatalyst_2928-24tc-ccatalyst_blade_switch_3120catalyst_2960xr-24ps-iie_2000-4t-g_industrial_ethernet_switchcatalyst_2960-24tt-lembedded_service_2020_con_bcatalyst_2960s-24pd-lcatalyst_3560v2-24dccatalyst_2960-24lc-scatalyst_3560v2-48tscatalyst_3750x-12s-scatalyst_3750x-48u-ecatalyst_3560e-48pd-sfcatalyst_2960x-24td-lcatalyst_4500_supervisor_engine_ii-plus-tscatalyst_2960-48tc-lcatalyst_2360-48td-scatalyst_3560g-48tscatalyst_3560e-48td-ecatalyst_3750x-24s-ecatalyst_2960s-f24ts-scatalyst_2960xr-48fpd-lcatalyst_blade_switch_3130catalyst_2960xr-48td-icatalyst_3560e-48pd-ecatalyst_2960xr-48ts-lcatalyst_blade_switch_3030catalyst_3750x-48t-scatalyst_2960x-48ts-llcatalyst_3560cx-12tc-sie_2000-16ptc-g_industrial_ethernet_switchembedded_service_2020_ncpembedded_service_2020_conie-4000-16t4g-e_industrial_ethernet_switchcatalyst_3550_24_fx_smicatalyst_3560cpd-8pt-scatalyst_3560e-24td-ecatalyst_2960s-48lpd-lcatalyst_3560g-48pscatalyst_2960l-8ps-llcatalyst_3550_24_dc_smiie_2000-16tc_industrial_ethernet_switchcatalyst_3750e-24td-ecatalyst_3750v2-24tsie_2000-8tc-g-e_industrial_ethernet_switchcatalyst_blade_switch_3032catalyst_2960s-f48ts-lcatalyst_2960-plus_24pc-lie-4010-4s24p_industrial_ethernet_switchcatalyst_2960g-48tc-lcatalyst_2960-48pst-lcatalyst_c2928-48tc-cie_2000-4s-ts-g_industrial_ethernet_switchcatalyst_switch_module_3012catalyst_3550_12gie_2000-24t67_industrial_ethernet_switchcatalyst_3560-48pscatalyst_4000_supervisor_engine_ivenhanced_layer_2_etherswitch_service_modulecatalyst_3550_24_emicatalyst_3750x-48pf-scatalyst_3750x-24p-ecatalyst_3750g-48psie_3000-8tc_industrial_ethernet_switchie_2000-8t67_industrial_ethernet_switchcatalyst_2960-plus_48tc-scatalyst_2960c-8tc-scatalyst_3750-48tscatalyst_3560x-48p-lcatalyst_2960x-48fpd-lcatalyst_2918-48tc-ccatalyst_3560cx-8xpd-scatalyst_4500_supervisor_engine_ii-plusembedded_service_2020_24tc_ncpcatalyst_2960l-48ts-llcatalyst_3560x-48pf-lie_2000-4ts-g_industrial_ethernet_switchie_2000-16tc-g_industrial_ethernet_switchcatalyst_3560x-24p-ecatalyst_3750g-12scatalyst_2960-plus_24tc-lcatalyst_3750x-24p-lcatalyst_2960xr-48lps-lcatalyst_3750x-48p-scatalyst_4500_supervisor_engine_v-10gecatalyst_3550_48_emicatalyst_3750x-48p-ecatalyst_3560x-24t-ecatalyst_3750x-24u-lie-4010-16s12p_industrial_ethernet_switchcatalyst_3560x-48pf-ecatalyst_2918-24tt-ccatalyst_3560cx-12pd-scatalyst_3750x-48u-sie-4000-4gs8gp4g-e_industrial_ethernet_switchCisco IOS and IOS XE SoftwareIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27131
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-88.49% / 99.48%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 03:10
Updated-13 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Security Manager Java Deserialization Vulnerabilities

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-security_managerCisco Security Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12214
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.56%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_customer_voice_portalCisco Unified Customer Voice Portal
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-264
Not Available
CVE-2017-12240
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.92% / 91.85%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_901s-4sg-f-dasr_1000-esp100catalyst_3650-48ts-ecatalyst_3850-48xs-f-sasr_920-24tz-m1101-4p_integrated_services_routercatalyst_3650-48tq-ecatalyst_3850-24t-scatalyst_3850-16xs-sasr_901-6cz-ft-acatalyst_3650-24ts-ecatalyst_3650-24pdmasr_9904catalyst_3650-24td-l1841_integrated_service_routercatalyst_3650-48fs-lcatalyst_3650-12x48fd-scatalyst_3850-48p-lcatalyst_3850-24t-easr_920-4sz-a_r8800_12-slotcatalyst_3650-48pd-scatalyst_3650-48ts-lasr_920-12cz-aasr_10011111x_integrated_services_routerasr_901-6cz-fs-a8101-32fhcatalyst_3850-24xs-sasr_920-24sz-im1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_3850-24xucatalyst_3850-24p-ecatalyst_3850-24xs-e1100-4gltegb_integrated_services_router1109-4p_integrated_services_routercatalyst_3650-8x24pd-lasr_9901catalyst_3650-48ts-s8202catalyst_3650-12x48uq-ecatalyst_3650-48fs-sasr_920-24sz-masr_1000-esp200-xasr_920-12cz-d1803_integrated_service_routerasr_920-24sz-im_routercatalyst_3850-48f-ecatalyst_3650-12x48uq-lasr_920-10sz-pd_router1811_integrated_service_routercatalyst_3650-48td-s4000_integrated_services_routercatalyst_3850-nm-8-10gasr_901-4c-ft-d8800_4-slotcatalyst_3850-12x48u1100_integrated_services_routercatalyst_3850-48f-s1101_integrated_services_routerasr_920-4sz-a1802_integrated_service_routercatalyst_3850-48xs-ecatalyst_3650-24pd-lasr_901s-3sg-f-ahcatalyst_3650-48fd-lasr_1002-x_rcatalyst_3650-24ts-lcatalyst_3650-24pd-e1111x-8p_integrated_services_routerasr_902u1801_integrated_service_routerasr_1001-x_r1000_integrated_services_routercatalyst_3650-48fq-ecatalyst_3650-24ts-sasr_9903catalyst_3650-48tq-lcatalyst_3650-12x48ur-lasr_901s-2sg-f-dcatalyst_3650-12x48fd-ecatalyst_3850-24xu-e8101-32hcatalyst_3850-48u-lasr_920-4sz-d_routerasr_920-12sz-imasr_9001asr_1001-xasr_1013asr_9010asr_920-10sz-pdcatalyst_3650-8x24uq-sasr_920-24sz-m_rasr_920-12sz-im_rasr_1023asr_901-4c-f-dcatalyst_3850-48u-ecatalyst_3850-24u-easr_903catalyst_3650-8x24pd-s8208asr_901-6cz-f-acatalyst_3850-24ucatalyst_3850-24s-scatalyst_3650-12x48urcatalyst_3650-12x48uqcatalyst_3650-48fqm-scatalyst_3850-24u-scatalyst_3850-24pw-scatalyst_3650-24pdm-s1100-4p_integrated_services_router9800-lasr_901-6cz-fs-dasr_1006-xasr_9906catalyst_3850-24t-lasr_1002-hx_rcatalyst_3850catalyst_3650-12x48ur-e1100-lte_integrated_services_routercatalyst_3650-48td-lcatalyst_3650-48fd-easr_920-4sz-d8804catalyst_3650-48fq-s8831asr_920-12cz-d_routerasr_920-10sz-pd_rcatalyst_3650-8x24uq-l4221_integrated_services_routercatalyst_3650-12x48uq-scatalyst_3850-24xscatalyst_3650-48pq-l111x_integrated_services_routercatalyst_3650-12x48uz-scatalyst_3650-24pdcatalyst_3650-48td-easr_9006asr_900catalyst_3650-48fqm-ecatalyst_3850-24xu-scatalyst_3650-24pdm-l1100-4g_integrated_services_routercatalyst_3650-48tq-scatalyst_3650-24td-ecatalyst_3850-24p-s9800-40asr_920-24sz-m_routercatalyst_3850-12s-scatalyst_3850-24xu-l1160_integrated_services_router1100-8p_integrated_services_routercatalyst_3650-24pd-scatalyst_3850-48u-scatalyst_3650-12x48uzasr_920-12cz-a_rcatalyst_3850-16xs-e1905_integrated_services_router8800_8-slotcatalyst_3650-8x24uq-ecatalyst_3650-48pd-ecatalyst_3850-48f-l1906c_integrated_services_router8201-32fhasr_9912catalyst_3850-48xs-f-ecatalyst_3850-nm-2-40gcatalyst_3850-12s-ecatalyst_3650-24ps-lasr_920-12cz-d_rasr_9922asr_901s-2sg-f-ah1861_integrated_service_router8812catalyst_3850-48xs-scatalyst_3850-32xs-siosasr_901-12c-f-dcatalyst_3650-24ps-s9800-801100-6g_integrated_services_routerasr_907catalyst_3850-48pw-s82128201catalyst_3650-48fqmcatalyst_3650-24pdm-easr_9000vcatalyst_3850-48ucatalyst_3650-12x48fd-lcatalyst_3850-48p-easr_920-24tz-m_rcatalyst_3650-12x48uz-ecatalyst_3850-48t-lcatalyst_3850-48t-sasr_9141812_integrated_service_routercatalyst_3850-24u-lcatalyst_3650-48fs-e1941w_integrated_services_router1109-2p_integrated_services_routercatalyst_3850-24s-easr_1002asr_1000-xasr_1001-hxcatalyst_3850-12xs-sasr_902asr_920-24tz-m_routercatalyst_3850-48t-e8808catalyst_3650-48fqasr_901-6cz-f-d8102-64hcatalyst_3650-48fd-scatalyst_3650-48fq-lcatalyst_3650-48pq-scatalyst_3650-8x24uqcatalyst_3650-12x48ur-s422_integrated_services_routerasr_1009-x8800_18-slot9800-clasr_1004asr_9902catalyst_3650-8x24pd-easr_920-12sz-im_routercatalyst_3650-48ps-scatalyst_3850-32xs-easr_9920catalyst_3850-12xs-easr_920-24sz-im_rcatalyst_3850-48p-sasr_9000asr_920u-12sz-im1131_integrated_services_routercatalyst_3650-48pd-l8818catalyst_3650-24ps-ecatalyst_3650-48pq-ecatalyst_3650asr_920-4sz-a_routerasr_9910catalyst_3650-48ps-lcatalyst_3850-48xscatalyst_3850-24p-l1921_integrated_services_routerasr_1002-hxasr_920-12cz-a_router82181109_integrated_services_routerasr_901s-3sg-f-dasr_1001-hx_rasr_901-12c-ft-dcatalyst_3650-12x48uz-l1941_integrated_services_routerasr_1006asr_920-4sz-d_rasr_1000-esp100-xasr_1000catalyst_3650-24td-sasr_901-6cz-ft-dasr_1002-xcatalyst_3650-48fqm-lcatalyst_3650-48ps-eCisco IOS and IOS XEIOS and IOS XE Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20026
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 55.95%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:33
Updated-12 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_firmwarerv042grv042rv016rv082rv042g_firmwarerv016_firmwarerv082_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-20103
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-25 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Network Analytics Remote Code Execution Vulnerability

A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_network_analyticsCisco Secure Network Analytics
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20252
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 76.72%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:17
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2023-20045
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.25% / 47.83%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:39
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1936
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-62.36% / 98.31%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:25
Updated-20 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-integrated_management_controller_supervisorucs_directorucs_director_express_for_big_dataCisco Unified Computing System Director
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1971
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.40% / 80.10%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:35
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1889
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-1.23% / 78.88%
||
7 Day CHG~0.00%
Published-04 Jul, 2019 | 19:55
Updated-20 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40120
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.60%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:35
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv325application_extension_platformrv320rv042rv042grv082rv016ios_xrCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1743
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.90%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:35
Updated-20 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Arbitrary File Upload Vulnerability

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15957
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-1.10% / 77.70%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv325_dual_gigabit_wan_wf_vpn_routerrv042g_dual_gigabit_wan_vpnrv082_dual_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv320_firmwarerv320_dual_gigabit_wan_vpn_routerrv016_multi-wan_vpnrv042g_dual_gigabit_wan_vpn_firmwarerv325_firmwarerv016_multi-wan_vpn_firmwarerv042_dual_wan_vpnCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15958
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-2.48% / 84.97%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:11
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managerCisco Prime Infrastructure
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1652
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-93.02% / 99.77%
||
7 Day CHG+0.08%
Published-24 Jan, 2019 | 16:00
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv320_firmwarerv325_firmwarerv325rv320Cisco Small Business RV Series Router FirmwareSmall Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16005
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.73% / 72.16%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:45
Updated-15 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Video Mesh Node Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-collaboration_meeting_roomswebex_video_meshCisco Webex Video Mesh
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15288
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.68%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:11
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-roomostelepresence_codectelepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1147
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.58% / 68.25%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:38
Updated-12 Nov, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1139
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.17% / 91.38%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_satelliteCisco Smart Software Manager On-Prem
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1468
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 85.30%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-287
Improper Authentication
CVE-2021-1602
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-small_business_rv260small_business_rv160small_business_rv260wsmall_business_rv_series_router_firmwaresmall_business_rv160wsmall_business_rv260pCisco Small Business RV Series Router Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1150
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.58% / 68.25%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:37
Updated-12 Nov, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-6374
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.62% / 90.13%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cloud_services_platform_2100n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1861
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-2.29% / 84.39%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 16:25
Updated-20 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Industrial Network Director Remote Code Execution Vulnerability

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-industrial_network_directorCisco Industrial Network Director
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-1822
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.95% / 86.15%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 01:10
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managerCisco Prime Infrastructure
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1359
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.74%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1408
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.01%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1391
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.56%
||
7 Day CHG~0.00%
Published-04 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_virtual_network_analysis_module_softwareprime_network_analysis_module_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12630
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-7.80% / 91.78%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:15
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Security Manager Java Deserialization Vulnerability

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-security_managerCisco Security Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-6361
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.50%
||
7 Day CHG~0.00%
Published-13 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc3939_wireless_residential_voice_gateway_firmwaredpc3939_wireless_residential_voice_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4329
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.69%
||
7 Day CHG~0.00%
Published-20 Aug, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_video_communication_server_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4276
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 78.63%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20184
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-08 Aug, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager and Secure Web Appliance Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_web_appliance_virtual_s1000vsecure_email_gateway_virtual_appliance_c300vsecure_email_gateway_virtual_appliance_c600vsecure_email_gateway_c395secure_web_appliance_s396secure_web_appliance_virtual_s100vsecure_web_appliance_virtual_s300vsecure_email_gateway_c695secure_email_gateway_c195secure_web_appliance_s196secure_web_appliance_virtual_s600vsecure_web_appliance_s696asyncossecure_email_gateway_virtual_appliance_c100vCisco Secure EmailCisco Secure Web Appliance
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-20125
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.20% / 42.04%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:12
Updated-28 Mar, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco ISE Passive Identity ConnectorCisco Identity Services Engine Software
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2018-0394
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.55% / 67.47%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cloud_services_platform_2100Cisco Cloud Services Platform 2100 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1182
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1343
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1538
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.98% / 83.24%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 16:45
Updated-07 Nov, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Common Services Platform Collector Command Injection Vulnerability

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-common_services_platform_collectorCisco Common Services Platform Collector Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1415
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.24% / 78.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-1345
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1196
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1294
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.74%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2021-1168
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.27% / 49.75%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1619
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.76%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1d_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1c_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.5_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.2r_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1e_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.4a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1d_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.6_when_installed_on_integrated_services_virtualios_xe_sd-wanios_xe_sd-wan_16.9.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.4a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1f_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1s_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_1000_series_integrated_servicesios_xeios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.2r_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.3b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_4000_series_integrated_servicesCisco IOS XE Software
CWE ID-CWE-824
Access of Uninitialized Pointer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-1215
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1342
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 62.40%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 57
  • 58
  • Next
Details not found