Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20003

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-18 May, 2023 | 00:00
Updated At-25 Oct, 2024 | 15:58
Rejected At-
Credits

Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:18 May, 2023 | 00:00
Updated At:25 Oct, 2024 | 15:58
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Business Wireless Access Point Software
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288
Type: CWE
CWE ID: CWE-288
Description: CWE-288
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
vendor-advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
vendor-advisory
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:18 May, 2023 | 03:15
Updated At:07 Nov, 2023 | 04:05

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>business_140ac_access_point_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_140ac_access_point_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_140ac_access_point>>-
cpe:2.3:h:cisco:business_140ac_access_point:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_141acm_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_141acm_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_141acm>>-
cpe:2.3:h:cisco:business_141acm:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_142acm_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_142acm_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_142acm>>-
cpe:2.3:h:cisco:business_142acm:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_143acm_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_143acm_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_143acm>>-
cpe:2.3:h:cisco:business_143acm:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_151axm_firmware>>10.4.2
cpe:2.3:o:cisco:business_151axm_firmware:10.4.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_151axm>>-
cpe:2.3:h:cisco:business_151axm:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_145ac_access_point_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_145ac_access_point_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_145ac_access_point>>-
cpe:2.3:h:cisco:business_145ac_access_point:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_150ax_access_point_firmware>>10.4.2
cpe:2.3:o:cisco:business_150ax_access_point_firmware:10.4.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_150ax_access_point>>-
cpe:2.3:h:cisco:business_150ax_access_point:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_240ac_access_point_firmware>>Versions before 10.8.1.0(exclusive)
cpe:2.3:o:cisco:business_240ac_access_point_firmware:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>business_240ac_access_point>>-
cpe:2.3:h:cisco:business_240ac_access_point:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
CWE-288Secondaryykramarz@cisco.com
CWE ID: CWE-306
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-288
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZykramarz@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

110Records found
CVE-2024-20510
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 16:28
Updated-03 Oct, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-34779
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.14%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:45
Updated-07 Nov, 2024 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_220-8t-e-2gbusiness_220-24p-4xbusiness_220-48t-4x_firmwarebusiness_220-16t-2g_firmwarebusiness_220-8t-e-2g_firmwarebusiness_220-16p-2g_firmwarebusiness_220-16p-2gbusiness_220-24t-4gbusiness_220-24p-4gbusiness_220-8fp-e-2gbusiness_220-24t-4g_firmwarebusiness_220-48p-4x_firmwarebusiness_220-48fp-4x_firmwarebusiness_220-24fp-4g_firmwarebusiness_220-48t-4g_firmwarebusiness_220-48t-4xbusiness_220-24fp-4x_firmwarebusiness_220-8p-e-2g_firmwarebusiness_220-24p-4x_firmwarebusiness_220-48p-4gbusiness_220-24t-4xbusiness_220-24p-4g_firmwarebusiness_220-48t-4gbusiness_220-48p-4xbusiness_220-24t-4x_firmwarebusiness_220-24fp-4xbusiness_220-16t-2gbusiness_220-48p-4g_firmwarebusiness_220-8fp-e-2g_firmwarebusiness_220-48fp-4xbusiness_220-24fp-4gbusiness_220-8p-e-2gCisco Small Business 200 Series Smart Switches
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34780
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.14%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:45
Updated-07 Nov, 2024 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-business_220-8t-e-2gbusiness_220-24p-4xbusiness_220-48t-4x_firmwarebusiness_220-16t-2g_firmwarebusiness_220-8t-e-2g_firmwarebusiness_220-16p-2g_firmwarebusiness_220-16p-2gbusiness_220-24t-4gbusiness_220-24p-4gbusiness_220-8fp-e-2gbusiness_220-24t-4g_firmwarebusiness_220-48p-4x_firmwarebusiness_220-48fp-4x_firmwarebusiness_220-24fp-4g_firmwarebusiness_220-48t-4g_firmwarebusiness_220-48t-4xbusiness_220-24fp-4x_firmwarebusiness_220-8p-e-2g_firmwarebusiness_220-24p-4x_firmwarebusiness_220-48p-4gbusiness_220-24t-4xbusiness_220-24p-4g_firmwarebusiness_220-48t-4gbusiness_220-48p-4xbusiness_220-24t-4x_firmwarebusiness_220-24fp-4xbusiness_220-16t-2gbusiness_220-48p-4g_firmwarebusiness_220-8fp-e-2g_firmwarebusiness_220-48fp-4xbusiness_220-24fp-4gbusiness_220-8p-e-2gCisco Small Business 200 Series Smart Switches
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27853
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-27 Sep, 2022 | 17:55
Updated-21 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Action-Not Available
Vendor-ieeeIEEEThe IETF Administration LLC (IETF LLC)Cisco Systems, Inc.
Product-catalyst_3650-48pd-ln9k-x9788tc-fxcatalyst_3650-48fqm-snexus_92300ycn9k-c93600cd-gx_firmwarecatalyst_3850-24xu-en9k-x9788tc-fx_firmwarecatalyst_3650-24ps-lsg500-52nexus_9536pq_firmwaresf500-48mp_firmwarenexus_9364c-gxn9k-x9636c-r_firmwaresg500x-24mppcatalyst_3650-12x48uz-ssg500-28nexus_9516catalyst_6509-v-enexus_x9636q-rsg500-28mppnexus_92300yc_firmwaren9k-x9432c-snexus_93360yc-fx2_firmwarecatalyst_3850-24p-lp802.1qcatalyst_3650-48fq-scatalyst_3650-24pd-ln9k-c9316d-gxcatalyst_9400catalyst_6800ia_firmwarecatalyst_3650-48fs-lcatalyst_3650-24pdm-ecatalyst_3850-16xs-ecatalyst_3850-48u-snexus_93240yc-fx2sf-500-24mp_firmwarecatalyst_3650-8x24uq-sn9k-x9464tx2_firmwarecatalyst_6506-enexus_9636pqnexus_9336c-fx2-e_firmwarecatalyst_3650-48fd-scatalyst_3650-12x48uq-enexus_9716d-gxcatalyst_c3850-12x48u-scatalyst_3650-24ts-ecatalyst_c6816-x-len9k-x9736c-fxnexus_9336c-fx2-ecatalyst_3650-48fs-ecatalyst_6800iacatalyst_3650-48ts-snexus_93180yc-fxcatalyst_3850-12xs-ecatalyst_3650-24td-lcatalyst_3650-12x48ur-ssf500-24_firmwaremeraki_ms390_firmwarecatalyst_9600catalyst_3650-12x48fd-scatalyst_3850-24p-en9k-c9332d-gx2b_firmwarenexus_9364c_firmwarenexus_9348gc-fxpcatalyst_3650-24ps-emeraki_ms250catalyst_6503-e_firmwarecatalyst_6503-ecatalyst_3650-48ts-lcatalyst_6880-xmeraki_ms410_firmwarecatalyst_3650-48fqm-lnexus_9516_firmwaren9k-x9464tx2meraki_ms355_firmwarecatalyst_3650-24ps-snexus_9236c_firmwarenexus_93180yc-ex_firmwaresg500x-48mpp_firmwarenexus_92304qc_firmwaremeraki_ms210catalyst_3850-48t-eieee_802.2n9k-x97160yc-ex_firmwarecatalyst_3850-48f-lsg500x-24p_firmwarecatalyst_3850-24xs-ecatalyst_3650-24pd-scatalyst_3850-32xs-sn9k-x9564px_firmwarecatalyst_9300lmsg500-52p_firmwarecatalyst_3650-48fd-lcatalyst_c6824-x-le-40g_firmwaremeraki_ms450catalyst_3850-24pw-scatalyst_6509-neb-anexus_9716d-gx_firmwarecatalyst_3650-24ts-lnexus_9432pq_firmwarecatalyst_3650-24pdm-snexus_93180yc-fx3_firmwarenexus_93108tc-fx3p_firmwarecatalyst_6807-xl_firmwaren9k-x9564pxsg500x-24pnexus_93108tc-fxcatalyst_3650-8x24pd-lmeraki_ms410catalyst_9200cxnexus_93216tc-fx2_firmwaren9k-x97160yc-exnexus_93180yc-fx_firmwaresg500-52mpnexus_93108tc-fx_firmwarecatalyst_9500hcatalyst_6506-e_firmwarecatalyst_3850-48t-ssf500-18p_firmwaresg500-52mp_firmwarecatalyst_6513-ecatalyst_3850-48xs-f-en9k-x9736c-excatalyst_3850-12xs-snexus_9332cmeraki_ms350_firmwarecatalyst_3650-12x48uz-enexus_9236ccatalyst_6880-x_firmwarecatalyst_3650-48fd-esf500-48catalyst_3650-24td-ecatalyst_9600xnexus_93120tx_firmwarecatalyst_6807-xlcatalyst_6840-xnexus_9736pqn9k-c9364d-gx2acatalyst_3850-24t-esg500x-48p_firmwaren9k-c9332d-gx2bsg500x-48mppcatalyst_3650-24pdm-lsg500x-24mpp_firmwarenexus_9736pq_firmwarecatalyst_3650-48tq-esg500-28psf500-48mpsg500x-24meraki_ms250_firmwaren9k-x9736c-ex_firmwarecatalyst_6509-e_firmwarecatalyst_3650-12x48fd-lcatalyst_3850-48pw-snexus_93120txcatalyst_6509-ecatalyst_c6824-x-le-40gcatalyst_3650-48fs-scatalyst_3650-48ts-ecatalyst_3850-48p-ecatalyst_3650-48fq-ecatalyst_3650-48tq-scatalyst_6504-e_firmwarecatalyst_c6832-x-le_firmwarenexus_93180yc-fx3nexus_9800_firmwarecatalyst_3850-24xs-smeraki_ms225_firmwarecatalyst_3650-8x24pd-ssf500-18pcatalyst_6509-neb-a_firmwaresg500-52pmeraki_ms350meraki_ms420catalyst_3850-48f-ecatalyst_3850-48xs-f-scatalyst_3650-12x48fd-ecatalyst_6504-ecatalyst_3650-48td-lnexus_9432pqsf500-48_firmwarecatalyst_3650-12x48ur-lcatalyst_3850-48xs-ecatalyst_3850-48u-esg500x-24_firmwarecatalyst_3650-48ps-enexus_93180yc-excatalyst_3650-48td-scatalyst_3850-24t-lcatalyst_6509-v-e_firmwarenexus_93216tc-fx2sf-500-24mpcatalyst_3650-12x48uq-lcatalyst_9300lcatalyst_3850-48p-ln9k-c9348d-gx2a_firmwarenexus_9272q_firmwarecatalyst_3850-24xu-smeraki_ms450_firmwarecatalyst_3850-24s-en9k-x9432c-s_firmwarenexus_93240yc-fx2_firmwarecatalyst_3850-24t-snexus_9364c-gx_firmwarecatalyst_3650-48fq-lnexus_92348gc-x_firmwaren9k-x9736c-fx_firmwaren9k-c9316d-gx_firmwarecatalyst_3650-12x48uz-lcatalyst_3650-48td-eios_xecatalyst_3650-48pd-scatalyst_3850-12s-smeraki_ms225nexus_92160yc-xcatalyst_3650-8x24uq-ecatalyst_9200sg500-52_firmwarecatalyst_9200ln9k-x9636c-rnexus_9336c-fx2catalyst_3850-48xs-scatalyst_3850-24u-ecatalyst_9500catalyst_c6840-x-le-40gnexus_x9636q-r_firmwaresf500-24p_firmwaresg500-28_firmwarenexus_9800nexus_9636pq_firmwarecatalyst_c6832-x-len9k-x9732c-fxnexus_9504_firmwarecatalyst_9300nexus_9332c_firmwarecatalyst_3850-48p-scatalyst_c6840-x-le-40g_firmwaren9k-x9564tx_firmwarecatalyst_3650-12x48uq-sn9k-x9732c-excatalyst_3650-8x24pd-enexus_93360yc-fx2catalyst_3850-32xs-enexus_92348gc-xnexus_9272qn9k-c9364d-gx2a_firmwaremeraki_ms390catalyst_3850-24xu-lcatalyst_3650-48tq-ln9k-x9564txsg500x-48_firmwarecatalyst_9300xn9k-x9464pxnexus_9508_firmwaren9k-x9732c-fx_firmwarenexus_93108tc-exn9k-x9636c-rxn9k-c9348d-gx2anexus_9536pqmeraki_ms210_firmwaremeraki_ms425_firmwarecatalyst_3650-48pq-ln9k-c93600cd-gxnexus_9504catalyst_3650-48fqm-emeraki_ms355meraki_ms420_firmwarecatalyst_3650-24ts-sn9k-x9464px_firmwarecatalyst_3850-48f-scatalyst_3850-24u-lcatalyst_3650-48pq-scatalyst_3650-48pd-esg500-28mpp_firmwaresf500-24catalyst_c6816-x-le_firmwarecatalyst_3850-48u-lnexus_93108tc-fx3pcatalyst_3650-48pq-ecatalyst_6840-x_firmwarecatalyst_3850-24u-snexus_9364csf500-24pmeraki_ms425catalyst_3650-12x48ur-enexus_93108tc-ex_firmwarecatalyst_3650-48ps-scatalyst_c3850-12x48u-ecatalyst_3850-48t-lnexus_9336c-fx2_firmwarecatalyst_3850-16xs-snexus_9348gc-fxp_firmwaresg500-28p_firmwarecatalyst_3650-8x24uq-lsg500x-48pcatalyst_3650-24pd-enexus_92160yc-x_firmwaren9k-x9732c-ex_firmwaren9k-x9636c-rx_firmwarecatalyst_3850-12s-ecatalyst_3650-48ps-lsg500x-48catalyst_6513-e_firmwarenexus_92304qcnexus_9508catalyst_c3850-12x48u-lcatalyst_3850-24s-scatalyst_3650-24td-s802.2draft-ietf-v6ops-ra-guardP802.1Q
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-0167
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-2.54% / 84.86%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

Action-Not Available
Vendor-n/aCisco Systems, Inc.Rockwell Automation, Inc.
Product-asr_9912allen-bradley_stratix_5400allen-bradley_stratix_8300ios_xeallen-bradley_stratix_5900asr_9010allen-bradley_stratix_8000asr_9906asr_9001asr_9006asr_9910allen-bradley_armorstratix_5700asr_9904iosasr_9922allen-bradley_stratix_5410ios_xrallen-bradley_stratix_5700Cisco IOS, IOS XE, and IOS XRIOS, XR, and XE Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-20137
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:31
Updated-05 Aug, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Note: Cisco documentation has been updated to reflect that this is an unsupported configuration. However, Cisco is publishing this advisory because the device will not prevent an administrator from configuring both features on the same interface. There are no plans to implement the ability to configure both features on the same interface on Cisco Catalyst 1000 or Catalyst 2960L Switches.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_1000-48p-4g-lcatalyst_1000fe-24t-4g-lcatalyst_1000-48pp-4g-lcatalyst_2960l-24ts-llcatalyst_2960l-8ts-llcatalyst_1000-16t-e-2g-lcatalyst_2960l-24pq-llcatalyst_2960l-48pq-llcatalyst_1000fe-48p-4g-lcatalyst_2960l-16ts-llcatalyst_1000-48fp-4g-lcatalyst_1000-8p-e-2g-lcatalyst_1000-8t-e-2g-lcatalyst_1000-24pp-4g-lcatalyst_1000-8fp-e-2g-lcatalyst_2960l-48tq-llcatalyst_1000-16t-2g-lcatalyst_2960l-16ps-llcatalyst_1000-24p-4g-lcatalyst_1000-48t-4g-lcatalyst_1000-8fp-2g-lcatalyst_2960l-24tq-llcatalyst_1000fe-48t-4g-lcatalyst_2960l-48ts-llioscatalyst_1000fe-24p-4g-lcatalyst_1000-24fp-4x-lcatalyst_1000-24t-4g-lcatalyst_1000-16fp-2g-lcatalyst_1000-24fp-4g-lcatalyst_1000-48fp-4x-lcatalyst_1000-24t-4x-lcatalyst_2960l-8ps-llcatalyst_1000-16p-2g-lcatalyst_2960l-24ps-llcatalyst_1000-48p-4x-lcatalyst_1000-8p-2g-lcatalyst_1000-24p-4x-lcatalyst_2960l-48ps-llcatalyst_1000-8t-2g-lcatalyst_1000-48t-4x-lIOS
CWE ID-CWE-284
Improper Access Control
CVE-2021-1309
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:05
Updated-08 Nov, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv134w_firmwarerv160w_firmwarerv160_firmwarerv345p_firmwarerv260w_firmwarerv340w_firmwarerv132w_firmwarerv160wrv260rv260wrv340wrv132wrv260prv345_firmwarerv340rv260p_firmwarerv134wrv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1284
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.96%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:50
Updated-08 Nov, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Authentication Bypass Vulnerability

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-284
Improper Access Control
CVE-2017-3854
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.36%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). Note that additional configuration is needed in addition to upgrading to a fixed release. Cisco Bug IDs: CSCuc98992 CSCuu14804.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-5508_wireless_lan_controller7500_wireless_lan_controller7510_wireless_lan_controller8540_wireless_lan_controller8510_wireless_lan_controllerwireless_lan_controller_firmwarewireless_lan_controller_softwarewireless_service_module_22504_wireless_lan_controller5500_wireless_lan_controllervirtual_wireless_controller2500_wireless_lan_controllerCisco Meshed Wireless LAN Controller
CWE ID-CWE-287
Improper Authentication
CVE-2020-3507
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:15
Updated-13 Nov, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8400_ip_camera_firmware8630_ip_camera_firmware8620_ip_camera8000p_ip_camera_firmware8930_speed_dome_ip_camera_firmware8020_ip_camera8400_ip_camera8030_ip_camera_firmware8070_ip_camera_firmware8620_ip_camera_firmware8070_ip_camera8020_ip_camera_firmware8000p_ip_camera8930_speed_dome_ip_camera8030_ip_camera8630_ip_cameraCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3118
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.28%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:40
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5502asr_9920asr_9906asr_9000ncs_560crs-xasr_9904ncs_6008asr_9910asr_9903ncs_540x-12z16g-sys-dncs_540x-acc-sysncs_5501asr_9912ncs_540x-16z4g8q2c-ancs_5508asr_9901asr_9006ncs_540-acc-sysncs_5516ncs_5502-sencs_540x-12z16g-sys-ancs_540-12z20g-sys-aasr_9922asr_9000vncs_540-28z4c-sys-dxrv_9000ncs_540-24z8q2c-sysios_xrasr_9010asr_9001ncs_5501-sencs_6000ncs_540lncs_540x-16z4g8q2c-dncs_540-28z4c-sys-ancs_540-12z20g-sys-dCisco IOS XR SoftwareIOS XR
CWE ID-CWE-134
Use of Externally-Controlled Format String
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3110
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.46% / 80.06%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:35
Updated-15 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-video_surveillance_8030_ip_camera_firmwarevideo_surveillance_8070_ip_camera_firmwarevideo_surveillance_8400_ip_cameravideo_surveillance_8020_ip_cameravideo_surveillance_8000p_ip_cameravideo_surveillance_8000p_ip_camera_firmwarevideo_surveillance_8930_speed_dome_ip_cameravideo_surveillance_8070_ip_cameravideo_surveillance_8630_ip_cameravideo_surveillance_8930_speed_dome_ip_camera_firmwarevideo_surveillance_8620_ip_cameravideo_surveillance_8620_ip_camera_firmwarevideo_surveillance_8400_ip_camera_firmwarevideo_surveillance_8030_ip_cameravideo_surveillance_8020_ip_camera_firmwarevideo_surveillance_8630_ip_camera_firmwareCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3217
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.78%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_7000_4-slotnexus_3016nx-osnexus_5010nexus_5000nexus_6004nexus_3064xios_xeiosnexus_3048nexus_6001nexus_6004xnexus_3064tnexus_7000_18-slotnexus_3016qnexus_3064nexus_7000_9-slotnexus_7000_10-slotnexus_5020ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3174
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 28.86%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 16:50
Updated-15 Nov, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinemds_9506nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_9348gc-fxpnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2mds_9513nexus_36180yc-rmds_9148tnexus_93180yc-fxmds_9132tnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vmds_9509nexus_31108pc-vmds_9706nexus_3524mds_9216nexus_3548nexus_3132qnexus_3016mds_9216anexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_3232c_nexus_7000nexus_92300ycnexus_3064nexus_9396pxmds_9222imds_9216inexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS Software 7.3(2)D1(1d)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-3418
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 21.26%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CVE-2022-20824
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.53%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 18:40
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_34200yc-smnexus_9300_firmwarenexus_56128pnexus_3132q-xnexus_3172tqnexus_9332c_firmwarenexus_3172pq\/pq-xl_firmwarenexus_93108tc-ex_firmwarenexus_3200mds_9513_firmwarenexus_93128txnexus_3064t_firmwarenexus_3064-t_firmwaremds_9506nexus_3132q-vnexus_9332cnexus_93360yc-fx2_firmwarenexus_9336c-fx2nexus_3524-xnexus_9348gc-fxpnexus_3172mds_9718nexus_9272qnexus_56128p_firmwarenexus_9500_supervisor_b\+nexus_7000_supervisor_2e_firmwarenexus_93180yc-fxnexus_9336pq_firmwarenexus_3548_firmwarenexus_3432d-snexus_3264q_firmwarenexus_93180yc-fx3_firmwarenexus_9272q_firmwarenexus_3548-x\/xlnexus_3636c-r_firmwarenexus_3016nexus_7018nexus_92304qcnexus_9500_supervisor_bnexus_3100nexus_5596t_firmwarenexus_3048nexus_7700_supervisor_3e_firmwarenexus_93360yc-fx2mds_9710_firmwarenexus_3432d-s_firmwarenexus_3232c_nexus_7010_firmwarenexus_7010nexus_93180yc-fx_firmwarenexus_93216tc-fx2_firmwarenexus_3064x_firmwarenexus_3132q-v_firmwarenexus_7018_firmwarenexus_5596tnexus_7702nexus_5624qnexus_3264c-e_firmwarenexus_6004xnexus_93600cd-gxnexus_3132q-xl_firmwarenexus_6001tnexus_9372px-enexus_5596up_firmwarenexus_3132q-x\/3132q-xl_firmwarenexus_3400nexus_7700_firmwarenexus_9332pqnexus_9508nexus_7004_firmwarenexus_31108pv-v_firmwarenexus_93120txnexus_6000nexus_7000_supervisor_2nexus_93120tx_firmwarenexus_7000_supervisor_1_firmwarenexus_6004nexus_3132q_firmwarenexus_3100-znexus_3548-xlnexus_31128pqnexus_93180yc-fx3snexus_7700_supervisor_2enexus_3132c-znexus_5548pnexus_9336c-fx2_firmwarenexus_5648qnexus_3464cnexus_93128_firmwarenexus_93216tc-fx2nexus_3048_firmwarenexus_3524-x\/xl_firmwarenexus_31128pq_firmwarenexus_3200_firmwarenexus_5672upnexus_93180tc-exnexus_3264qnexus_7004nexus_3232c_firmwarenexus_9000vnexus_9300nexus_31108pc-vnexus_7706_firmwarenexus_9500_supervisor_a\+nexus_93180yc-fx3nexus_3064-32tnexus_5596upnexus_3464c_firmwarenexus_7009nexus_9332pq_firmwarenexus_93128tx_firmwarenexus_3100vnexus_3172tq-32t_firmwarenexus_3132qnexus_5648q_firmwarenexus_3524_firmwarenexus_6001p_firmwarenexus_5696qnexus_31108pc-v_firmwarenexus_3064xnexus_9000nexus_31108pv-vnexus_93108tc-fx3pnexus_3172_firmwarenexus_93108tc-fxnexus_9364c-gx_firmwarenexus_9396tx_firmwarenexus_92300ycnexus_7706nexus_9348gc-fxp_firmwarenexus_93108tc-fx3p_firmwarenexus_6001_firmwarenexus_7700_supervisor_2e_firmwarenexus_93240yc-fx2_firmwarenexus_5672up-16g_firmwarenexus_3548-xnexus_9336c-fx2-e_firmwaremds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3016q_firmwarenexus_9372tx-e_firmwarenexus_9236cnexus_9516nexus_6000_firmwarenexus_9000_firmwarenexus_3172pq-xlnexus_9500rnexus_7000_supervisor_2_firmwarenexus_3064-32t_firmwarenexus_93180lc-exnexus_7009_firmwarenexus_3636c-rnexus_3100-z_firmwarenexus_3548-x_firmwarenexus_3172tq_firmwarenexus_7700_supervisor_3enexus_3172pq-xl_firmwarenexus_3524-x_firmwarenexus_3016qnexus_92348gc-xnexus_3172tq-32tnexus_93180yc-fx3s_firmwarenexus_31108tc-vnexus_3400_firmwaremds_9513nexus_92304qc_firmwarenexus_3232c__firmwarenexus_3100v_firmwarenexus_7710_firmwarenexus_9372tx_firmwarenexus_9500_supervisor_a\+_firmwarenexus_3548-x\/xl_firmwarenexus_3100-v_firmwarenexus_7702_firmwarenexus_9500_supervisor_b\+_firmwaremds_9506_firmwarenexus_3524nexus_93108tc-ex-24_firmwarenexus_7000_supervisor_1nexus_92160yc-x_firmwarenexus_5548p_firmwarenexus_7718_firmwarenexus_9504_firmwarenexus_93108tc-fx-24nexus_9516_firmwarenexus_36180yc-r_firmwarenexus_7710nexus_3100_firmwarenexus_93180yc-fx-24_firmwarenexus_9372tx-enexus_9364c_firmwarenexus_3524-xlnexus_9200_firmwarenexus_5548up_firmwarenexus_9396txnexus_7000nexus_3064nexus_7718nexus_9372px_firmwarenexus_5548upnexus_9336c-fx2-enexus_9396pxnexus_7000_supervisor_2enexus_9221cnexus_5672up_firmwarenexus_3132q-x\/3132q-xlnexus_9372txnexus_9221c_firmwarenexus_3064-tnexus_93180yc-ex_firmwarenexus_3408-snexus_93108tc-fx-24_firmwarenexus_9336pqnexus_7700nexus_92348gc-x_firmwarenexus_6004_firmwarenexus_9000v_firmwarenexus_93108tc-exnexus_3100-vnexus_9316d-gxnexus_3524-x\/xlnexus_31108tc-v_firmwarenexus_9500_supervisor_a_firmwarenexus_3064-x_firmwarenexus_6001pnexus_3164qnexus_3408-s_firmwarenexus_9364cnexus_9396px_firmwarenexus_93180yc-ex-24_firmwarenexus_3172pq\/pq-xlnexus_34180yc_firmwarenexus_93180yc-fx-24nexus_6004x_firmwarenexus_93600cd-gx_firmwarenexus_36180yc-rnexus_3164q_firmwarenexus_3524-xl_firmwarenexus_9508_firmwarenexus_5600_firmwarenexus_34180ycmds_9706nexus_5624q_firmwarenexus_6001t_firmwarenexus_9316d-gx_firmwarenexus_5696q_firmwarenexus_34200yc-sm_firmwarenexus_3064_firmwarenexus_93180yc-ex-24nexus_3548nexus_9372pxnexus_9364c-gxnexus_92160yc-xnexus_93108tc-ex-24nexus_93180lc-ex_firmwarenexus_93180tc-ex_firmwarenexus_1000v_firmwaremds_9718_firmwarenexus_9504nexus_9500r_firmwarenexus_6001nexus_9372px-e_firmwaremds_9706_firmwarenexus_3064tnexus_9500_supervisor_anexus_3172pqnexus_3172tq-xl_firmwarenexus_3064-xnexus_3232cnexus_3172pq_firmwarenexus_9200nexus_9500_supervisor_b_firmwarenexus_92300yc_firmwarenexus_3548-xl_firmwarenexus_1000vnexus_3264c-enexus_93240yc-fx2nexus_9236c_firmwarenexus_93108tc-fx_firmwarenexus_7000_firmwarenexus_3132q-xlnexus_3132q-x_firmwarenexus_93128nexus_3132c-z_firmwarenexus_3016_firmwarenexus_5600nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20728
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 1.02%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:45
Updated-06 Nov, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Access Points VLAN Bypass from Native VLAN Vulnerability

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_1562icatalyst_9130ax_firmwareaironet_1850ecatalyst_iw6300aironet_1830_firmwarecatalyst_9105ax_firmwareaironet_3800ecatalyst_9117ax_firmwareaironet_1815taironet_3800i_firmwarecatalyst_9124ax_firmwareaironet_1562eaironet_3800e_firmwarecatalyst_9115ax_firmwareaironet_2800i_firmwareaironet_1542iaironet_2800iaironet_3800paironet_1830aironet_1815i_firmwareaironet_3800p_firmwareaironet_1850e_firmwareaironet_1815icatalyst_9105axaironet_1815waironet_4800aironet_1542daironet_4800_firmwareaironet_1850i_firmwareaironet_1815w_firmwarecatalyst_9115axaironet_1542i_firmwareaironet_1815m_firmwareaironet_1840_firmwareaironet_1562dcatalyst_iw6300_firmwarecatalyst_9120axaironet_1562d_firmwareaironet_1815t_firmwareaironet_2800e_firmwareaironet_3800icatalyst_9117axcatalyst_9120ax_firmwareaironet_1840catalyst_9130axaironet_1850iaironet_1562e_firmwareaironet_1562i_firmwareaironet_1815maironet_2800ecatalyst_9124axaironet_1542d_firmwareCisco Aironet Access Point Software (IOS XE Controller)
CWE ID-CWE-284
Improper Access Control
CVE-2022-20690
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.51%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:56
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-20696
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.66%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 12:30
Updated-06 Nov, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-284
Improper Access Control
CVE-2022-20968
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-3.32% / 86.75%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 16:13
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_phone_8841ip_phone_8865ip_phone_8832ip_phone_8861ip_phone_8831_firmwareip_phone_7841_firmwareip_phone_8832_firmwareip_phone_8831ip_phone_8845_firmwareip_phone_7841ip_phone_7811_firmwareip_phone_8811ip_phone_7832ip_phone_7832_firmwareip_phone_8811_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8861_firmwareip_phone_7861_firmwareip_phone_7821ip_phone_8845ip_phone_8851_firmwareCisco Session Initiation Protocol (SIP) Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20689
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.12%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:54
Updated-01 Nov, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-1368
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.82%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:30
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exfirepower_9300firepower_4150nexus_56128pucs_6332-16upnexus_3132q-xnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_9316d-gxnexus_93128txnexus_6004mds_9250inexus_3548-xlfirepower_4145nexus_3132q-vnexus_31128pqnexus_93180yc-fx3snexus_9364cnexus_92348gc-xnexus_3164qnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_9272qnexus_93180yc-fx-24nexus_3464cmds_9148snexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-sfirepower_4140ucs_6454nexus_34180ycnexus_9000vmds_9706nexus_93180yc-fx3nexus_5596upfirepower_4115nexus_93180yc-ex-24nexus_9372pxnexus_9364c-gxucs_64108nexus_93108tc-fx-24nexus_92304qcnexus_5696qnexus_92160yc-xucs_6248upnexus_93108tc-ex-24firepower_4125nexus_31108pv-vnexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_7000nexus_92300ycnexus_3172pqunified_computing_systemucs_6332nexus_3232cnexus_5548upnexus_9336c-fx2-enexus_9396pxucs_6296upnexus_9221cnexus_5596tnexus_3264c-enexus_93240yc-fx2firepower_extensible_operating_systemnexus_9372txnexus_5624qnexus_3548-xfirepower_4112nexus_3132q-xlmds_9710nexus_93600cd-gxnexus_3408-snexus_93180yc-exnexus_9372px-enexus_9336pqnexus_9236cnexus_3172pq-xlnexus_7700nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1901
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.32%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 17:25
Updated-20 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9396pxnx-osnexus_9372pxnexus_9508nexus_93120txnexus_93128txnexus_93240yc-fx2nexus_93180yc-fxnexus_9372txnexus_9504nexus_9372tx-enexus_93108tc-fxnexus_93180yc-exnexus_9372px-enexus_9396txnexus_9336pqnexus_9332cnexus_9516nexus_9364cnexus_9336c-fx2Cisco NX-OS System Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3415
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.93%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 15:40
Updated-13 Nov, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-sucs_6454nexus_34180ycnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxucs_64108nexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3205
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.90%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios11201240829809Cisco IOS 12.2(60)EZ16
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-3119
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-7.91% / 91.67%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:45
Updated-15 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exucs_6300nexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-sucs_managerucs_6454nexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxucs_64108nexus_5696qnexus_92304qcnexus_92160yc-xucs_6248upnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txnexus_3232c_nexus_92300ycnexus_3064nexus_5548upnexus_9396pxucs_6296upnexus_5596tnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco Unified Computing System (Managed)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3544
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 04:20
Updated-13 Nov, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload. This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8400_ip_camera_firmware8630_ip_camera_firmware8620_ip_camera8000p_ip_camera_firmware8930_speed_dome_ip_camera_firmware8020_ip_camera8400_ip_camera8030_ip_camera_firmware8070_ip_camera_firmware8620_ip_camera_firmware8070_ip_camera8020_ip_camera_firmware8000p_ip_camera8930_speed_dome_ip_camera8030_ip_camera8630_ip_cameraCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3111
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.11%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 17:40
Updated-15 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_7861_with_multiplatform_firmwareip_conference_phone_7832_with_multiplatform_firmwareip_phone_8841ip_phone_7821_with_multiplatform_firmwareip_phone_8861ip_phone_6851ip_conference_phone_8832ip_phone_8845_firmwareip_phone_7841ip_phone_7811_firmwareip_phone_8811ip_phone_8841_with_multiplatform_firmwareip_phone_6821unified_ip_conference_phone_8831_for_third-party_call_control_firmwarewireless_ip_phone_8821-ex_firmwareip_phone_7811_with_multiplatform_firmwareip_conference_phone_8832_with_multiplatform_firmwareunified_ip_conference_phone_8831_for_third-party_call_controlip_phone_8811_firmwareip_phone_8861_with_multiplatform_firmwareip_conference_phone_8832_firmwareip_phone_7861_firmwareip_phone_8845unified_ip_conference_phone_8831ip_phone_7841_with_multiplatform_firmwareip_phone_8851_firmwareip_phone_6821_firmwareip_phone_6841ip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_conference_phone_7832ip_phone_6851_firmwareip_phone_6871ip_phone_8865ip_phone_6871_firmwareip_phone_7841_firmwareunified_ip_conference_phone_8831_firmwareip_phone_8845_with_multiplatform_firmwareip_phone_8865_with_multiplatform_firmwarewireless_ip_phone_8821-exip_conference_phone_7832_firmwareip_phone_8811_with_multiplatform_firmwareip_phone_6861ip_phone_6861_firmwareip_phone_7811ip_phone_7861ip_phone_6841_firmwareip_phone_8851ip_phone_8861_firmwarewireless_ip_phone_8821ip_phone_7821wireless_ip_phone_8821_firmwareip_phone_8851_with_multiplatform_firmwareCisco IP phone
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3199
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:45
Updated-15 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios11201240829809Cisco IOS 12.2(60)EZ16
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3506
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:15
Updated-13 Nov, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8400_ip_camera_firmware8630_ip_camera_firmware8620_ip_camera8000p_ip_camera_firmware8930_speed_dome_ip_camera_firmware8020_ip_camera8400_ip_camera8030_ip_camera_firmware8070_ip_camera_firmware8620_ip_camera_firmware8070_ip_camera8020_ip_camera_firmware8000p_ip_camera8930_speed_dome_ip_camera8030_ip_camera8630_ip_cameraCisco Video Surveillance 8000 Series IP Cameras
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3172
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.08% / 76.91%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 16:50
Updated-15 Nov, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nexus_93180lc-exfirepower_4150ucs_6332-16upnexus_56128pnexus_3172tqnexus_9332pqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txfirepower_4110nexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_1000vemds_9506firepower_4145nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_5020nexus_9336c-fx2nexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172mds_9718nexus_9272qnexus_3464cmds_9148snexus_93216tc-fx2mds_9513nexus_36180yc-rmds_9148tnexus_5672upnexus_93180yc-fxmds_9132tnexus_3264qfirepower_4140nexus_3432d-sucs_managernexus_34180ycmds_9509nexus_31108pc-vmds_9706nexus_5596upfirepower_4115nexus_3524mds_9216nexus_3548nexus_3132qnexus_3016mds_9216anexus_9372pxnexus_5696qnexus_92304qcucs_6248upfirepower_4125nexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlucs_6324nexus_9396txfirepower_4120nexus_3232c_nexus_7000nexus_3064ucs_6332nexus_5548upnexus_9396pxmds_9222iucs_6296upnexus_5010nexus_1000vmds_9216inexus_5596tfirepower_extensible_operating_systemnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tmds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco Unified Computing System (Managed)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20247
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.03% / 5.41%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:14
Updated-12 Jun, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) SoftwareCisco Firepower Threat Defense Software
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2023-20269
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-0.33% / 55.12%
||
7 Day CHG-0.03%
Published-06 Sep, 2023 | 17:09
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-04||Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) SoftwareAdaptive Security Appliance and Firepower Threat Defense
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20018
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:35
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841ip_phones_8832_firmwareunified_ip_phone_8865nrip_phone_8832ip_phone_8861ip_phone_8831_firmwareip_phone_8831ip_phone_8845_firmwareip_phone_7841ip_phones_8832ip_phone_7811_firmwareip_phone_8811wireless_ip_phone_8821-ex_firmwareip_phone_7800ip_phone_7832ip_phone_8811_firmwareip_phone_8821ip_phone_7861_firmwareip_phone_8821_firmwareip_phone_8845ip_phone_8821-exip_phone_8851_firmwareip_phone_7800_firmwareip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_phone_8865unified_ip_phone_8851nrip_phone_8821-ex_firmwareip_phone_7841_firmwareip_phone_8832_firmwarewireless_ip_phone_8821-exunified_ip_phone_8851nr_firmwareip_phone_7832_firmwareip_phone_7811ip_phone_7861ip_phone_8851ip_phone_8800ip_phone_8861_firmwarewireless_ip_phone_8821ip_phone_7821wireless_ip_phone_8821_firmwareunified_ip_phone_8865nr_firmwareip_phone_8800_firmwareCisco Session Initiation Protocol (SIP) Software
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20126
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-70.19% / 98.62%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-28 Oct, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa112_firmwarespa112Cisco Small Business IP Phones
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-20391
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 42.83%
||
7 Day CHG+0.01%
Published-15 May, 2024 | 17:24
Updated-22 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.

Action-Not Available
Vendor-Microsoft CorporationCisco Systems, Inc.
Product-windowssecure_clientCisco Secure Clientsecure_client
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-3531
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.84% / 89.11%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:41
Updated-13 Nov, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-15466
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 68.61%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 15:00
Updated-19 Nov, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-policy_suite_for_mobileCisco Policy Suite (CPS) Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-32433
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-66.92% / 98.49%
||
7 Day CHG+6.00%
Published-16 Apr, 2025 | 21:34
Updated-20 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-30||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

Action-Not Available
Vendor-erlangerlangErlangCisco Systems, Inc.
Product-rv340wrv260ultra_cloud_corerv260p_firmwareinode_managerncs_1002ultra_packet_corerv160ncs_1004rv340rv345_firmwarenetwork_services_orchestratorrv260pncs_1001rv260wrv160_firmwarencs_2000_shelf_virtualization_orchestrator_modulerv160w_firmwarerv345poptical_site_managerultra_services_platformsmart_phyrv345rv260w_firmwareenterprise_nfv_infrastructure_softwareconfd_basicrv340w_firmwareerlang\/otprv160wstaroscloud_native_broadband_network_gatewayncs_2000_shelf_virtualization_orchestrator_firmwarerv340_firmwarerv345p_firmwarerv260_firmwareotpErlang/OTP
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-0376
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.45% / 92.49%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-policy_suitemobility_services_engineCisco Policy Suite unknown
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-0127
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-90.50% / 99.59%
||
7 Day CHG-0.14%
Published-08 Feb, 2018 | 07:00
Updated-02 Dec, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv132wrv134wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134W Wireless VPN Routers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-0181
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.3||HIGH
EPSS-4.08% / 88.09%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 00:00
Updated-19 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cisco_policy_suite_diameter_routing_agentcisco_policy_suite_for_mobileCisco Policy Suite (CPS) Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-0377
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.45% / 92.49%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-policy_suitemobility_services_engineCisco Policy Suite unknown
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-1396
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.10%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Services Engine Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerapplication_services_engineCisco Application Services Engine Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-1499
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-93.66% / 99.84%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex HX Data Platform File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx240c_af_m5hyperflex_hx240c_m5hyperflex_hx220c_m5hyperflex_hx220c_edge_m5hyperflex_hx_data_platformhyperflex_hx220c_all_nvme_m5hyperflex_hx220c_af_m5hyperflex_hx240cCisco HyperFlex HX Data Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-1393
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 76.69%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Services Engine Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerapplication_services_engineCisco Application Services Engine Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-20210
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.3||HIGH
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:16
Updated-13 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst Center Unprotected API Endpoint

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-1246
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Finesse OpenSocial Gadget Editor Unauthenticated Access Vulnerability

Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to obtain potentially confidential information and create arbitrary XML files. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-finesseCisco Unified Customer Voice Portal (CVP)
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3819
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-15 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-virtualized_packet_coreasr_5000_series_softwareCisco StarOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-264
Not Available
CVE-2020-3392
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.64% / 81.17%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:41
Updated-13 Nov, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director Missing API Authentication Vulnerability

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found