Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20492

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-02 Oct, 2024 | 16:55
Updated At-02 Oct, 2024 | 19:24
Rejected At-
Credits

Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:02 Oct, 2024 | 16:55
Updated At:02 Oct, 2024 | 19:24
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco TelePresence Video Communication Server (VCS) Expressway
Default Status
unknown
Versions
Affected
  • X8.11.2
  • X8.6
  • X8.11.3
  • X8.2.2
  • X8.8.3
  • X8.11.0
  • X12.5.2
  • X8.1.1
  • X8.9
  • X12.5.1
  • X12.5.6
  • X8.7.3
  • X12.6.0
  • X8.11.1
  • X8.5
  • X8.9.1
  • X8.10.2
  • X8.8.2
  • X8.5.3
  • X8.1
  • X8.9.2
  • X8.11.4
  • X12.5.4
  • X8.8.1
  • X8.2.1
  • X8.5.1
  • X8.6.1
  • X8.1.2
  • X8.8
  • X8.10.0
  • X12.5.3
  • X8.10.1
  • X12.5.7
  • X8.10.3
  • X8.7.1
  • X8.2
  • X12.5.8
  • X8.7
  • X8.5.2
  • X12.5.9
  • X12.5.0
  • X8.10.4
  • X8.7.2
  • X12.5.5
  • X12.6.1
  • X12.6.2
  • X12.6.3
  • X12.6.4
  • X12.7.0
  • X12.7.1
  • X14.0.0
  • X14.0.1
  • X14.0.2
  • X14.0.3
  • X14.0.4
  • X14.0.5
  • X14.0.6
  • X14.0.7
  • X14.0.8
  • X14.2.0
  • X14.0.9
  • X14.2.1
  • X14.2.2
  • X14.0.11
  • X14.2.5
  • X14.0.10
  • X14.2.6
  • X14.2.7
  • X14.3.0
  • X14.3.1
  • X14.3.2
  • X14.3.3
  • X15.0.0
  • X14.3.4
  • X14.3.5
  • X15.0.1
  • X15.0.2
  • X15.0.3
  • X14.3.6
Problem Types
TypeCWE IDDescription
cweCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: cwe
CWE ID: CWE-77
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
telepresence_video_communication_server
CPEs
  • cpe:2.3:a:cisco:telepresence_video_communication_server:-:*:*:*:expressway:*:*:*
Default Status
unknown
Versions
Affected
  • X8.11.2
  • X8.6
  • X8.11.3
  • X8.2.2
  • X8.8.3
  • X8.11.0
  • X12.5.2
  • X8.1.1
  • X8.9
  • X12.5.1
  • X12.5.6
  • X8.7.3
  • X12.6.0
  • X8.11.1
  • X8.5
  • X8.9.1
  • X8.10.2
  • X8.8.2
  • X8.5.3
  • X8.1
  • X8.9.2
  • X8.11.4
  • X12.5.4
  • X8.8.1
  • X8.2.1
  • X8.5.1
  • X8.6.1
  • X8.1.2
  • X8.8
  • X8.10.0
  • X12.5.3
  • X8.10.1
  • X12.5.7
  • X8.10.3
  • X8.7.1
  • X8.2
  • X12.5.8
  • X8.7
  • X8.5.2
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:02 Oct, 2024 | 17:15
Updated At:08 Oct, 2024 | 16:07

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CPE Matches

Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.1.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.1.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.2.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.2.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.5.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.5.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.6
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.6.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.6.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.7.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.7.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.8.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.8.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.9.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.9.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.10.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.10.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x8.11.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x8.11.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.5
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.5:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.6
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.6:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.7
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.7:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.8
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.8:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.5.9
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.5.9:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.1:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.2
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.2:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.3
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.3:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.6.4
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.6.4:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.7.0
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.0:*:*:*:expressway:*:*:*
Cisco Systems, Inc.
cisco
>>telepresence_video_communication_server>>x12.7.1
cpe:2.3:a:cisco:telepresence_video_communication_server:x12.7.1:*:*:*:expressway:*:*:*
Weaknesses
CWE IDTypeSource
CWE-77Primarynvd@nist.gov
CWE-77Secondaryykramarz@cisco.com
CWE ID: CWE-77
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bDykramarz@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expw-escalation-3bkz77bD
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

336Records found

CVE-2025-20185
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-3.4||LOW
EPSS-0.17% / 6.75%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 16:14
Updated-06 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m390secure_email_and_web_manager_m690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_m190secure_email_and_web_manager_m390xsecure_email_and_web_manager_m690xsecure_email_and_web_manager_m170secure_email_and_web_manager_m395secure_email_and_web_manager_m680secure_email_and_web_manager_m195asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m380secure_email_and_web_manager_m695Cisco Secure EmailCisco Secure Web ApplianceCisco Secure Email and Web Manager
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-20238
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.14% / 3.40%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:29
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
CVE-2025-20237
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.14% / 4.01%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:29
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-146
Improper Neutralization of Expression/Command Delimiters
CVE-2025-20155
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.15% / 4.42%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:37
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-20308
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.17% / 7.08%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 16:05
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spaces_connectorCisco DNA Spaces Connector
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20338
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.15% / 4.58%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 17:14
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2025-20313
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.71%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 17:12
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XE Software
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2025-20295
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.18% / 7.59%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:23
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.   This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Unified Computing System (Managed)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20220
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.16% / 5.70%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:40
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. For more information about vulnerable scenarios, see the Details ["#details"] section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Management CenterCisco Firepower Threat Defense Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20201
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 4.15%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:44
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-1649
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.61% / 44.92%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 19:10
Updated-20 Nov, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_9300nim-4e\/mfirepower_4150nim-4bri-nt\/teasr-920-12sz-im-ccnx-osa900-rsp3c-400\/wic3000-k9_firmwareasr-920-12cz-aintegrated_services_router_4400_firmware1240_connected_grid_routerncs-55a2-mod-se-h-snim-2foxc9300-24ufirepower_9000_firmware4331_integrated_services_routerasr1000-6tgenim-4fxsc6800-sup6t-xln77-sup3enc55-5504-fcnim-2fxs\/4fxoncs-55a1-36h-sc6800-8p10g-xlc6824-x-le-40gcatalyst_9800-80_wireless_controllernim-2ge-cu-sfpasr-920-4sz-aasr-920-12sz-da99-32x100ge-cma99-rp3-trc9500-24qsm-x-1t3\/e3_firmwarefirepower_4140n9k-sup-b\+nim-4fxoasr_1000_seriesasa_5506-xn9k-c93108tc-fxn7k-m348xp-25lasr-920-24sz-mncs2k-mr-mxp-k9_firmwareasr_1001_firmwareencs_5100sm-x-pvdm-3000nim-2mft-t1\/e1network_convergence_system_1002ncs-55a1-36h-sec9500-32csm-x-1t3\/e3n3k-c3264c-ec9300-24tons_15454_mstp_firmwarencs-5502cbr-ccap-lc-40g-rc6840-x-le-40ga9k-rsp5-senim-2fxsnim-1ce1t1-princ55-24h12f-seasr-920-10sz-pdasr-920-4sz-dintegrated_services_router_4200_firmwareons_15454_mstpasr-920-12cz-dnetwork_convergence_system_5001n9k-c93180yc-fxfirepower_4120c9300-48tn9k-c9348gc-fxpcbr-lc-8d31-16u31a900-rsp2a-64c9500-40xasr-920-24tz-imnim-8ce1t1-priencs_5400_firmwaren77-m312cq-26lncs2k-mr-mxp-k915454-m-wse-k9_firmwarecatalyst_9600_supervisor_engine-1cbr-8_converged_broadband_routerfirepower_2120c9300-48unn9k-c93240yc-fx2nc55-36x100g-a-sen9k-c93108tc-exn3k-c3132c-za99-32x100ge-trc9300-24uxc9300-48unc55-mod-a-snim-8mft-t1\/e11120_connected_grid_routerasr-920-24tz-masr-920-12sz-aic3000-k9asr1000-mip100asa_5516-xa9k-rsp5-trindustrial_security_appliances_3000_firmwarea900-rsp2a-128c6816-x-lefirepower_2130nim-2fxspfirepower_4110nim-2bri-nt\/tea9k-16x100ge-trc9500-12qfirepower_2110nc55-36x100g-sc6800-32p10g-xlintegrated_services_router_4300_firmwarea99-rp3-secatalyst_9800-40_wireless_controllerasr1000-2t\+20x1gencs-5501sm-x-pvdm-1000n9k-c93180yc-exncs-5501-sec9500-16xc6800-16p10g-xlc6800-8p40g-xla9k-16x100ge-cmnim-1mft-t1\/e1809_industrial_integrated_services_routersnim-4mft-t1\/e115454-m-wse-k9nim-4fxspncs-55a2-mod-se-s44461_integrated_services_routerasr1000-rp34221_integrated_services_routernc55-6x200-dwdm-sasr1000-esp200c9300-48pncs-55a2-mod-sn3k-c31108pc-vasr_1001-hxc6832-x-lesupervisor_b\+_firmwaresm-x-pvdm-500network_convergence_system_5002c9300-24p4451-x_integrated_services_routerc9500-32qcc9300-48uxm829_industrial_integrated_services_routersds-x9334-k9ds-x9648-1536k9firepower_4000_firmwareasr_1002-hxn9k-c92300ycencs_5400catalyst_9800-40_wireless_controller_firmwaresupervisor_a\+_firmwarencs-55a2-mod-hd-siosasr_1000-esp100nc55-5516-fcios_xrnim-1ge-cu-sfpa99-16x100ge-x-sen3k-c31108tc-vsm-x-pvdm-2000a900-rsp3c-200ncs-55a2-mod-hx-s4321_integrated_services_routern7k-m324fq-25lnim-2ce1t1-priencs_5100_firmware4431_integrated_services_routernim-2fxs\/4fxopasa_5506h-xindustrial_security_appliances_3000n77-m348xp-23lfirepower_2100_firmwareios_xencs-5502-seasa_5500_firmwarencs-55a1-24hasa_5506w-xfirepower_2140catalyst_9800-80_wireless_controller_firmwarec9500-48y4canalog_voice_network_interface_modules_firmwareintegrated_services_router_t1\/e1_voice_and_wan_network_interface_modules_firmwareasr_1001-xn9k-c93180lc-exn9k-sup-a\+c9500-24y4casr_1000_series_firmwareasa_5508-x4351_integrated_services_routerCisco Routers
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-667
Improper Locking
CVE-2019-1727
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:45
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_3500nexus_3100vmds_9500mds_9000nexus_9200nexus_5600nx-osnexus_3200mds_9700nexus_6000nexus_5500nexus_3400nexus_3100nexus_9000mds_9100nexus_9500nexus_3548-xnexus_3100-znexus_7000nexus_3524-xlnexus_9300nexus_3548-xlnexus_3000nexus_3600mds_9200nexus_7700nexus_3524-xCisco NX-OS Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15277
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.43% / 34.66%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15275
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.45% / 35.68%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-20 Nov, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_collaboration_endpointCisco TelePresence TC Software
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-15996
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.52% / 40.21%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:41
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-dna_spaces\Cisco DNA Spaces
CWE ID-CWE-264
Not Available
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20411
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 5.56%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Bash Arbitrary Code Execution Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing a specific crafted command on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS Softwarenx-os
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CVE-2019-1952
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.72% / 49.26%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:25
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1811
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.27% / 17.93%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 22:20
Updated-20 Nov, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_93108tc-exnx-osnexus_3636c-rnexus_95089736pqnexus_93120txnexus_9316d-gxnexus_3524-x\/xln9k-x9732c-fxn9k-c9504-fm-rn9k-x9464tx2nexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_9336c-fx2nexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vx9636q-rnexus_9348gc-fxp9536pqn9k-x9732c-exnexus_3464cnexus_9500_supervisor_b\+nexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_31108pc-vn9k-x9636c-rxn9k-x9736c-fxnexus_9500_supervisor_a\+n9k-x9736c-exnexus_3548-x\/xln9k-x97160yc-exnexus_92160yc-xnexus_9500_supervisor_bnexus_9504nexus_3048nexus_93108tc-fxnexus_93360yc-fx2n9k-c9508-fm-rnexus_9500_supervisor_anexus_92300ycnexus_3232cn9k-x9788tc-fxn9k-x9564txn9k-x9464px9432pqnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xl9636pqn9k-x9432c-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_93600cd-gxn9k-x9564pxnexus_9516n9k-x9636c-rCisco NX-OS Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12666
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-1.14% / 62.67%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Path Traversal Vulnerability

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.4.1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12709
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.46% / 36.82%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9000vasr_9910asr_9906asr_9904asr_9006asr_9912asr_9922asr_9010asr_9001ios_xrasr_9901Cisco IOS XR Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-12694
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.43% / 34.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-20 Nov, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12649
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.24% / 14.63%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:05
Updated-20 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3850-24xs-ecatalyst_3850-32xs-ecatalyst_3850-12s-scatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24u-lcatalyst_3850-24p-scatalyst_9300l-24t-4g-acatalyst_3850-16xs-scatalyst_3850-48f-scatalyst_3850-24u-scatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300l-24p-4g-ecatalyst_3850-48f-ecatalyst_9300l-48t-4x-acatalyst_3850-48u-lcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_9300-24t-ecatalyst_9300l-24t-4g-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_9300-48s-ecatalyst_9300-24u-acatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9300lcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_9300-24u-ecatalyst_3850-24xu-ecatalyst_3850-48p-scatalyst_9300l-48p-4g-acatalyst_9300-48un-acatalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-eioscatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48uxm-ecatalyst_9300-48t-acatalyst_3850-48p-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_9300l-48p-4x-ecatalyst_3850-24p-lcatalyst_3850-48t-lcatalyst_3850-24t-ecatalyst_c3850-12x48u-ecatalyst_3850-24xs-scatalyst_9300l-48p-4x-acatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3850-12xs-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3850-48p-lcatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-48t-ecatalyst_3850-24xu-scatalyst_9300-24ux-ecatalyst_c3850-12x48u-sCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12670
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.31% / 23.18%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-20 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iosCisco IOS XE Software 3.2.11aSG
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20930
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.84%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000sd-wanvedge_100bvedge_100msd-wan_vbond_orchestratorvedge_5000sd-wan_vsmart_controllervedge_100sd-wan_vmanagevedge_1000vedge_100wmcatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20907
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.19% / 9.38%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 03:50
Updated-01 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20855
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.9||HIGH
EPSS-0.34% / 25.97%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:46
Updated-01 Nov, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9120_apcatalyst_9800-lcatalyst_9105catalyst_9124catalyst_9800-40catalyst_9800catalyst_9120catalyst_9105axwcatalyst_9120axecatalyst_9124axdcatalyst_9105axicatalyst_9120axicatalyst_9130axeios_xecatalyst_9130_apcatalyst_9115axecatalyst_9800-l-ccatalyst_9800-clcatalyst_9117_apcatalyst_9800-80catalyst_9800-l-fcatalyst_9117catalyst_9120axpcatalyst_9115catalyst_9124axicatalyst_9115axicatalyst_9130catalyst_9115_apcatalyst_9130axicatalyst_9117axiCisco IOS XE Software
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-20908
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.21% / 10.69%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 03:50
Updated-01 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20727
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.04% / 59.92%
||
7 Day CHG+0.03%
Published-15 Apr, 2022 | 14:20
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Hosting Environment Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosic3000_industrial_compute_gatewaycgr1000_compute_moduleir510_operating_systemCisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-20677
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.61% / 44.72%
||
7 Day CHG+0.02%
Published-15 Apr, 2022 | 14:16
Updated-06 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Hosting Environment Vulnerabilities

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-820188008101-32hcatalyst_3850catalyst_3650catalyst_9200asr_90101100-6g_integrated_services_routercatalyst_ie3400catalyst_ie9300catalyst_9500h1160_integrated_services_router8202catalyst_9600asr_1002-hxasr_9902ioscatalyst_cg418-easr_9006catalyst_8200catalyst_ie3200catalyst_9800-801109_integrated_services_routercatalyst_9400catalyst_8300111x_integrated_services_routerasr_9000v-v21120_integrated_services_routercatalyst_8500asr_1006-xcatalyst_9800-l1100-4g_integrated_services_router1111x_integrated_services_router8201-32fhasr_900asr_9903catalyst_9800-40catalyst_9800catalyst_8500lcatalyst_9500cloud_services_router_1000v8101-32fhasr_9001catalyst_ess93004221_integrated_services_routerasr_9910asr_9906esr6300asr_9904asr_9912asr_9922catalyst_9300catalyst_9800-clasr_1001-xcatalyst_cg522-eesr33001101_integrated_services_routercatalyst_ie33008102-64h1131_integrated_services_routerasr_1009-xasr_9901Cisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2022-20906
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.19% / 9.38%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 03:50
Updated-01 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20676
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.27% / 19.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 14:16
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20776
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 36.17%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 14:01
Updated-25 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-roomostelepresence_collaboration_endpointCisco RoomOS Software
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-20909
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.21% / 10.69%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 04:01
Updated-01 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20865
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.33% / 24.62%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 18:40
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_4145_firmwarefirepower_9300_sm-48_firmwarefirepower_4150firepower_4110firepower_4112_firmwarefirepower_4125firepower_9300_sm-48firepower_4125_firmwarefirepower_9300_sm-40_firmwarefirepower_4112firepower_4140firepower_4115_firmwarefirepower_9300_sm-40firepower_4150_firmwarefirepower_4120_firmwarefirepower_9300_sm-56_firmwarefirepower_4145firepower_4120firepower_9300_sm-56firepower_9300_sm-56_x_3firepower_4110_firmwarefirepower_4140_firmwarefirepower_4115firepower_9300_sm-56_x_3_firmwareCisco Firepower Extensible Operating System (FXOS)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20413
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:27
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Bash Privilege Escalation Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing application arguments from the Bash shell. An attacker with privileges to access the Bash shell could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to create new users with the privileges of network-admin.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco NX-OS Softwarenx-os
CWE ID-CWE-862
Missing Authorization
CVE-2024-20306
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.19% / 8.63%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:58
Updated-30 Jul, 2025 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Softwareios_xe
CWE ID-CWE-233
Improper Handling of Parameters
CVE-2024-20399
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-4.27% / 89.89%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 16:11
Updated-28 Oct, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-23||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Cisco NX-OS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges: Nexus 3000 Series Switches Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later Nexus 9000 Series Switches in standalone NX-OS mode

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_9804nexus_7000mds_9216inexus_3132q-xlnexus_3172pq-xlnexus_9000_in_standalone_nx-os_modenexus_31108pv-vnexus_3100vnexus_9232enexus_5548pnexus_9236cnexus_9432pqnexus_93128nexus_9500_supervisor_b\+nexus_7700_supervisor_2enexus_7702nexus_3200nexus_9316d-gxnexus_93240tc-fx2nexus_9364d-gx2anexus_34200yc-smnexus_93180yc-fx-24nexus_9500_8-slotnexus_9396pxnexus_92348gc-xnexus_7000_supervisor_2enexus_9332pqnexus_9332d-h2rnexus_5548upnexus_9272qnexus_93108tc-fx-24nexus_5000nexus_3548-xnexus_9332cnexus_5696qnexus_9332d-gx2bnexus_3100-vnexus_9536pqmds_9396snexus_5672up-16gnexus_9504mds_9506nexus_93180yc-fxnexus_5020nexus_9500_supervisor_bnexus_93108tc-fx3hnexus_7700_10-slotnexus_9336c-fx2-enexus_9396txnexus_3132q-xmds_9500nexus_3524-x\/xlmds_9148nexus_93180lc-exnexus_7700_supervisor_3enexus_3500nexus_31108pc-vnexus_7700_6-slotnexus_3172tq-xlnexus_7000_supervisor_2nexus_9200nexus_93216tc-fx2nexus_9500_supervisor_anexus_9808nexus_5500nexus_9364c-gxnexus_9336pq_acinexus_3524-xlnexus_3264qnexus_3264c-enexus_3064-32tnexus_3400nexus_3172pq\/pq-xlnexus_56128pmds_9700mds_9148tnexus_3164qnexus_3132qnexus_9508nexus_3132q-vnexus_3064xnexus_92160yc-xnexus_93108tc-fx3pnexus_93180yc-fx3nexus_3548-xlnexus_31108tc-vmds_9706nexus_3000nexus_3100nexus_5596upnexus_93180tc-exnexus_9348gc-fxpnexus_93108tc-fxnexus_31128pqnexus_7700_18-slotnexus_7010mds_9148snexus_5672upnexus_3548mds_9216anexus_93108tc-exnexus_93180yc-exmds_9200nexus_92300ycnexus_5648qnexus_7018nexus_36180yc-rmds_9250inexus_3172nexus_93240yc-fx2nexus_3172pqnexus_3464cnexus_93180yc-ex-24nexus_7700nexus_7718nexus_9500_4-slotnexus_9000mds_9222inexus_7700_2-slotnexus_9500mds_9132tnexus_9000vnexus_3064-xnexus_9516nexus_7004nexus_3636c-rnexus_7000_4-slotnexus_9000_in_standalonenexus_92304qcnexus_9348d-gx2anexus_3600nexus_3524-xnexus_7009nexus_9221cnexus_9408nexus_9000_in_aci_modenexus_3172tq-32tnexus_7706nexus_9300nexus_7710nexus_9500rnexus_9348gc-fx3nexus_3232c_nexus_5624qnexus_9336pqnexus_3232nx-osnexus_9336c-fx2nexus_3100-zmds_9216nexus_7000_supervisor_1nexus_93180yc-fx3snexus_9736pqnexus_5600mds_9710mds_9140nexus_7000_18-slotmds_9513nexus_9372tx-enexus_9500_supervisor_a\+nexus_3524nexus_9372pxmds_9100nexus_3064tnexus_3408-snexus_93108tc-ex-24nexus_9636pqmds_9396tnexus_7000_9-slotnexus_3132c-znexus_7000_10-slotnexus_9372txnexus_93600cd-gxnexus_9800nexus_3132q-x\/3132q-xlmds_9000nexus_93180yc-fx3hnexus_3432d-snexus_5010mds_9134nexus_9500_16-slotnexus_93128txnexus_9200ycnexus_3048nexus_93120txmds_9718nexus_93360yc-fx2nexus_9372px-enexus_34180ycnexus_9716d-gxnexus_9336pq_aci_spinemds_9509nexus_3016qnexus_3232cnexus_3064-tnexus_3064nexus_3016nexus_9364cnexus_3548-x\/xlnexus_5596tnexus_3172tqCisco NX-OS Softwarenx-osNX-OS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20461
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.18% / 7.87%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:16
Updated-22 Oct, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection Vulnerability

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_191_firmwareata_192ata_191Cisco Analog Telephone Adaptor (ATA) Softwareata_190_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20282
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.17% / 6.38%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:20
Updated-07 May, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboardnexus_dashboard
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-20359
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-16.99% / 96.69%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:16
Updated-28 Oct, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-05-01||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliance_softwarefirepower_threat_defenseCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Softwareasafirepower_threat_defense_softwareAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-20456
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.89%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 16:06
Updated-04 Aug, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-8201-32fh-oncs_540x-4z14g2q-ancs_540x-8z16g-sys-ancs_1010ncs_540-24q8l2dd-sysncs_540x-4z14g2q-d8122-64ehf-oncs_540-acc-sys8212-48fh-m8711-32fh-m8111-32eh-o8101-32fh-oncs_540-24q2c2dd-sysncs_540x-16z8q2c-d8808ncs_540-12z20g-sys-aios_xrncs_540-24z8q2c-sys870082028122-64eh-oncs_540-12z20g-sys-d8202-32fh-mncs_57b1-5dse-sys8608ncs_1014ncs_540-fh-csr-sysncs_540-28z4c-sys-ancs_540x-6z18g-sys-a8102-64h-oncs_57d2-18dd-sysncs_540x-16z4g8q2c-a8101-32h-oncs_540x-acc-sys88128404ncs_540-28z4c-sys-d8011-4g24y4h-i8101-32fhncs_540-6z14s-sys-dncs_540-6z18g-sys-dncs_57c1-48q6-sys8818ncs_540x-12z16g-sys-a8201-24h8fh8102-64h8501-sys-mtncs_540x-6z18g-sys-dncs_540-fh-agg88048201ncs_540-6z18g-sys-ancs_540x-16z4g8q2c-d8712-mod-m8102-28fh-dpu-o8201-32fhncs_540x-12z16g-sys-dncs_57b1-6d24-sysncs_540x-8z16g-sys-dCisco IOS XR Softwareios_xr_software
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-20370
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.17% / 6.31%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:29
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Softwarefirepower_threat_defense_softwareadaptive_security_appliance_software
CWE ID-CWE-264
Not Available
CVE-2024-20469
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:28
Updated-25 Sep, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Command Injection Vulnerability

A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Softwareidentity_services_engine_software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-20485
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.20% / 9.78%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:52
Updated-01 Nov, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Softwarefirepower_threat_defense_softwareadaptive_security_appliance_software
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-20358
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.70% / 48.83%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 19:38
Updated-04 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareadaptive_security_appliance_softwareCisco Secure Firewall Adaptive Security Appliance (ASA) SoftwareCisco Secure Firewall Threat Defense (FTD) Softwareadaptive_security_appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1375
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 14.01%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:15
Updated-08 Nov, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-3393
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.34% / 26.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-19 Dec, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4x1100-6g_integrated_services_routercatalyst_c9407rcatalyst_c9300-48pws-c3650-24td4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_c9200-24pasr_1000-xws-c3850catalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4g111x_integrated_services_routercatalyst_9800-lasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gws-c3650-24psasr1001-hxcatalyst_9800-clws-c3650-48tqcatalyst_c9200l-48p-4gws-c3650-12x48uzws-c3850-48xs1160_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9200l-24pxg-2yws-c3850-24ucatalyst_9800-801109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gws-c3650-48pd1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_c9300-48uxmcatalyst_9800-401101-4p_integrated_services_router1100-4p_integrated_services_routercatalyst_c9500-40xasr_1006ws-c3850-24xsasr1002-hx-wscatalyst_c9200-24tws-c3650-24pdm1101_integrated_services_router1100-4gltegb_integrated_services_router4451_integrated_services_routerws-c3650-48fqmws-c3850-48tcatalyst_c9200l-48p-4xcatalyst_c9410rcatalyst_c9300-24pasr1001-hx-rfws-c3650-24pdws-c3650-48fsws-c3850-48pws-c3850-24pcatalyst_c9300-48u1100-4gltena_integrated_services_router1100_integrated_services_routerws-c3650-8x24uqcatalyst_9800-l-cws-c3650-48tscatalyst_c9300-48tcatalyst_c9500-12qcatalyst_c9500-24qws-c3650-12x48urcatalyst_c9200-48tcatalyst_c9300-24sasr1002-x-rfws-c3650-12x48uqws-c3650-48tdasr_1001asr1002-hx4221_integrated_services_routercatalyst_c9404rws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdasr1002-x-wscatalyst_c9500-32casr_1002-xcatalyst_c9300l-24p-4gws-c3850-12scatalyst_c9500-32qcasr1002-hx-rfws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48fws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48ps1109-2p_integrated_services_routerws-c3850-24tasr_1002catalyst_c9300l-24t-4xcatalyst_9800-l-fws-c3650-24tsasr_1004catalyst_c9200-48p1120_integrated_services_routercatalyst_c9300-48uncatalyst_c9200l-24t-4xasr1001-x-rfws-c3650-48pqcatalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xasr1001-x-wscsr_1000vios_xecatalyst_c9300l-48t-4g1111x-8p_integrated_services_routercatalyst_c9500-48y4c1100-8p_integrated_services_routerws-c3850-24s1109-4p_integrated_services_routercatalyst_c9300-24uxasr_1001-xws-c3850-12xsCisco IOS XE Software
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20248
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.10% / 0.88%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 16:06
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Image Verification Bypass Vulnerability

A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device. This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco IOS XR Software
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-15368
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 30.94%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-40124
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.24% / 14.28%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:36
Updated-07 Nov, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found