Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20354

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-05 Nov, 2025 | 16:31
Updated At-06 Nov, 2025 | 04:55
Rejected At-
Credits

Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:05 Nov, 2025 | 16:31
Updated At:06 Nov, 2025 | 04:55
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Unified Contact Center Express
Default Status
unknown
Versions
Affected
  • 10.5(1)SU1
  • 10.6(1)
  • 11.6(1)
  • 10.6(1)SU1
  • 10.6(1)SU3
  • 11.6(2)
  • 12.0(1)
  • 11.0(1)SU1
  • 11.5(1)SU1
  • 10.5(1)
  • 12.5(1)
  • 12.5(1)SU1
  • 12.5(1)SU2
  • 12.5(1)SU3
  • 12.5(1)_SU03_ES01
  • 12.5(1)_SU03_ES02
  • 12.5(1)_SU02_ES03
  • 12.5(1)_SU02_ES04
  • 12.5(1)_SU02_ES02
  • 12.5(1)_SU01_ES02
  • 12.5(1)_SU01_ES03
  • 12.5(1)_SU02_ES01
  • 11.6(2)ES07
  • 11.6(2)ES08
  • 12.5(1)_SU01_ES01
  • 12.0(1)ES04
  • 12.5(1)ES02
  • 12.5(1)ES03
  • 11.6(2)ES06
  • 12.5(1)ES01
  • 12.0(1)ES03
  • 12.0(1)ES01
  • 11.6(2)ES05
  • 12.0(1)ES02
  • 11.6(2)ES04
  • 11.6(2)ES03
  • 11.6(2)ES02
  • 11.6(2)ES01
  • 10.6(1)SU3ES03
  • 11.0(1)SU1ES03
  • 10.6(1)SU3ES01
  • 10.5(1)SU1ES10
  • 11.5(1)SU1ES03
  • 11.6(1)ES02
  • 11.5(1)ES01
  • 10.6(1)SU2
  • 10.6(1)SU2ES04
  • 11.6(1)ES01
  • 10.6(1)SU3ES02
  • 11.5(1)SU1ES02
  • 11.5(1)SU1ES01
  • 11.0(1)SU1ES02
  • 12.5(1)_SU03_ES03
  • 12.5(1)_SU03_ES04
  • 12.5(1)_SU03_ES05
  • UCCX 15.0.1
  • 12.5(1)_SU03_ES06
Problem Types
TypeCWE IDDescription
cweCWE-434Unrestricted Upload of File with Dangerous Type
Type: cwe
CWE ID: CWE-434
Description: Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:05 Nov, 2025 | 17:15
Updated At:07 Nov, 2025 | 15:44

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>Versions before 12.5\(1\)_su03_es07(exclusive)
cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_contact_center_express>>15.0
cpe:2.3:a:cisco:unified_contact_center_express:15.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarypsirt@cisco.com
CWE ID: CWE-434
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQpsirt@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
Source: psirt@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1312Records found
CVE-2023-20073
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-91.37% / 99.65%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-28 Oct, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-20272
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.3||HIGH
EPSS-0.36% / 57.35%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:54
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionCisco Unity Connection
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-1505
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 78.83%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2025-20260
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.44%
||
7 Day CHG~0.00%
Published-18 Jun, 2025 | 17:08
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClamAV PDF Scanning Buffer Overflow Vulnerability

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

Action-Not Available
Vendor-Cisco Systems, Inc.ClamAV
Product-clamavClamAV
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-20286
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:18
Updated-15 Oct, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISE on AWS Static Credential

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.

Action-Not Available
Vendor-amazonOracle CorporationMicrosoft CorporationCisco Systems, Inc.
Product-identity_services_engineamazon_web_servicesazurecloud_infrastructureCisco Identity Services Engine Software
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2021-1619
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.77%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1d_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.3a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1c_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.3_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.5_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.5_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.4_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.2r_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.10.3b_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1e_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.9.2_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.4a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1d_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.6_when_installed_on_integrated_services_virtualios_xe_sd-wanios_xe_sd-wan_16.9.2_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1d_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.9.2_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.5_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.2r_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1c_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.4a_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.3b_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.11.1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1f_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1s_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.12.1e_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.5_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1d_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.10.6_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.4_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.4_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.11.1s_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1a_when_installed_on_1100_series_industrial_integrated_servicesios_xe_sd-wan_16.12.1_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b1_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.3a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.10.5_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1a_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1b_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.1b1_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.1b1_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.1c_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.3_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.11.1d_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.4a_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.9.3_when_installed_on_1000_series_integrated_servicesios_xeios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_1000_series_integrated_servicesios_xe_sd-wan_16.12.5_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.12.2r_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.12.1a_when_installed_on_asr_1000_series_aggregation_servicesios_xe_sd-wan_16.11.1s_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.11.1b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.10.3b_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.4_when_installed_on_4000_series_integrated_servicesios_xe_sd-wan_16.10.6_when_installed_on_cloud_services_router_1000vios_xe_sd-wan_16.9.3_when_installed_on_integrated_services_virtualios_xe_sd-wan_16.12.4_when_installed_on_4000_series_integrated_servicesCisco IOS XE Software
CWE ID-CWE-824
Access of Uninitialized Pointer
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-0171
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-93.12% / 99.78%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-14 Jan, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosCisco IOS and IOS XEIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-0127
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-91.54% / 99.66%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 07:00
Updated-02 Dec, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv132wrv134wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134W Wireless VPN Routers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-0150
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.91% / 86.06%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-02 Dec, 2024 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xe4431_integrated_services_router4451_integrated_services_routerCisco IOS XE
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-0315
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-14.93% / 94.38%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 12:00
Updated-29 Nov, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco IOS XE unknown
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0125
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-39.59% / 97.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 07:00
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv134wrv132wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134WVPN Routers
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0147
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.02% / 88.22%
||
7 Day CHG+1.02%
Published-08 Mar, 2018 | 07:00
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemCisco Secure Access Control SystemSecure Access Control System (ACS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-0349
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 78.41%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-vbond_orchestratorvedge_100mvedge-plusvedge-5000vsmart_controllervedge_100b_firmwarevedge_100wm_firmwarevedge-2000vmanage_network_managementvedge-100vedge_100bvedge-100_firmwarevedge-2000_firmwarevedge-provedge_100m_firmwarevedge-1000_firmwarevedge-5000_firmwarevedge-1000vedge_100wmCisco SD-WAN Solution unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0448
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.51%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 14:00
Updated-26 Nov, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system. An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-digital_network_architecture_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-27125
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-1.11% / 77.73%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 03:10
Updated-13 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Security Manager Static Credential Vulnerability

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-security_managerCisco Security Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27131
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-88.49% / 99.48%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 03:10
Updated-13 Nov, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Security Manager Java Deserialization Vulnerabilities

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-security_managerCisco Security Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-9521
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.32% / 84.48%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date.

Action-Not Available
Vendor-commscopen/aCisco Systems, Inc.
Product-dpc3939b_firmwaredpc3941t_firmwarearris_tg1682g_firmwaredpc3941tdpc3939dpc3939bdpc3939_firmwarearris_tg1682gn/a
CVE-2017-3834
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.23% / 90.67%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-aironet_access_point_firmwareaironet_1850e_access_pointaironet_1830i_access_pointaironet_1850i_access_pointCisco Aironet 1830 Series and 1850 Series Access Points
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-255
Not Available
CVE-2021-40119
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.64% / 91.69%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:35
Updated-07 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Policy Suite Static SSH Keys Vulnerability

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-policy_suiteCisco Policy Suite (CPS) Software
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-40113
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-13.67% / 94.08%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:35
Updated-07 Nov, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_pon_switch_cgp-ont-4pv_firmwarecatalyst_pon_switch_cgp-ont-1p_firmwarecatalyst_pon_switch_cgp-ont-4pvcatalyst_pon_switch_cgp-ont-1pcatalyst_pon_switch_cgp-ont-4pvccatalyst_pon_switch_cgp-ont-4pcatalyst_pon_switch_cgp-ont-4pvc_firmwarecatalyst_pon_switch_cgp-ont-4tvcw_firmwarecatalyst_pon_switch_cgp-ont-4tvcwcatalyst_pon_switch_cgp-ont-4p_firmwareCisco Catalyst PON Series
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-3881
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.28% / 99.93%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 22:00
Updated-12 Jan, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3560cx-8tc-scatalyst_4948e_ethernet_switchcatalyst_2960xr-48lpd-icatalyst_2960x-24ts-lcatalyst_2975ie_2000-4ts_industrial_ethernet_switchcatalyst_2960l-8ts-llcatalyst_4900mcatalyst_3750_metro_24-acembedded_service_2020_24tc_ncp_bcatalyst_2960g-24tc-lie-3010-16s-8pc_industrial_ethernet_switchie-4000-8gt8gp4g-e_industrial_ethernet_switchcatalyst_2960cx-8tc-lcatalyst_2960cpd-8pt-lcatalyst_2960s-48ts-scatalyst_2960-48pst-scatalyst_2960-plus_48tc-lcatalyst_2960xr-48lps-icatalyst_3750-24pscatalyst_3560-24tscatalyst_3750x-48t-lcatalyst_2960x-48lpd-lme_4924-10gecatalyst_2960x-24ts-llenhanced_layer_2\/3_etherswitch_service_moduleie-4000-8s4g-e_industrial_ethernet_switchcatalyst_3560e-48pd-efcatalyst_3550_48_smicatalyst_3750g-24pscatalyst_2960xr-48fps-lcatalyst_2960-48tt-scatalyst_2960xr-48ts-icatalyst_3560v2-48pscatalyst_2960l-48ps-llcatalyst_2960s-24ps-lcatalyst_2960xr-24td-lcatalyst_3560e-12d-ecatalyst_2960xr-48td-lcatalyst_2918-24tc-ccatalyst_switch_module_3110catalyst_2960-48tt-lcatalyst_2350-48td-scatalyst_2960xr-24pd-lcatalyst_3750-48pscatalyst_2960s-f48lps-lcatalyst_2960l-16ts-llcatalyst_2960-24pc-scatalyst_2970g-24tscatalyst_3560x-48t-lcatalyst_2960c-8tc-lcatalyst_3560-8pccatalyst_2960xr-24ts-lcatalyst_3560e-24td-scatalyst_3750g-24tsembedded_service_2020_24tc_con_bembedded_service_2020_24tc_concatalyst_2960cpd-8tt-lcatalyst_2970g-24tcatalyst_3560x-48t-sie-4000-16gt4g-e_industrial_ethernet_switchgigabit_ethernet_switch_module_\(cgesm\)catalyst_3560e-48pd-scatalyst_2960-24lt-lcatalyst_3550_24_pwrcatalyst_3560e-24pd-ecatalyst_3750x-24u-eie_3000-4tc_industrial_ethernet_switchcatalyst_3560-48tscatalyst_3750x-48pf-eie-4000-4s8p4g-e_industrial_ethernet_switchcatalyst_3750x-48u-lcatalyst_3750e-48pd-sfcatalyst_2960x-24pd-lie-4000-4tc4g-e_industrial_ethernet_switchcatalyst_2960-plus_48pst-scatalyst_blade_switch_3020catalyst_3750v2-48pscatalyst_2960xr-48fps-icatalyst_4000_supervisor_engine_iie_2000-16tc-g-x_industrial_ethernet_switchcatalyst_3750e-48td-sie_2000-16t67p_industrial_ethernet_switchcatalyst_3560c-8pc-scatalyst_2960xr-24ts-icatalyst_3560-24pscatalyst_3750x-48t-ecatalyst_2960s-48lps-lcatalyst_2918-48tt-ccatalyst_3560-12pc-scatalyst_2960l-24ps-llcatalyst_3750x-48p-lcatalyst_2960xr-24ps-lcatalyst_2960xr-48fpd-icatalyst_blade_switch_3040catalyst_2960-24-scatalyst_2960s-24ts-lie_2000-8t67p_industrial_ethernet_switchcatalyst_4948_10_gigabit_ethernet_switchcatalyst_2960x-48fps-lcatalyst_2960x-24psq-lcatalyst_4500e_supervisor_engine_8-ecatalyst_2960x-24ps-lcatalyst_3560g-24tscatalyst_2960s-48td-lcatalyst_2960xr-24pd-icatalyst_3560x-24p-scatalyst_2960g-8tc-lcatalyst_3560x-48p-ecatalyst_3750g-16tdcatalyst_4500_supervisor_engine_6-ecatalyst_3560x-48u-scatalyst_3560v2-24pscatalyst_3550_12tie_2000-8tc_industrial_ethernet_switchcatalyst_2960c-8pc-lembedded_service_2020_ncp_bcatalyst_3560x-24u-ecatalyst_3750-24tsie-3010-24tc_industrial_ethernet_switchcatalyst_3750x-24s-scatalyst_2960x-48ts-lcatalyst_3750x-24t-scatalyst_3750x-48pf-lcatalyst_3750e-24pd-ecatalyst_2960s-f48fps-lcatalyst_3750e-24pd-sie-4000-4t4p4g-e_industrial_ethernet_switchcatalyst_2960cg-8tc-lcatalyst_switch_module_3110xie-4000-8gs4g-e_industrial_ethernet_switchcatalyst_2960s-24ts-scatalyst_2960l-24ts-llie_2000-16t67_industrial_ethernet_switchcatalyst_3560e-12sd-scatalyst_3560cx-12pc-scatalyst_2960s-48ts-lcatalyst_2960x-48lps-lcatalyst_2960s-48fps-lie-5000-16s12p_industrial_ethernet_switchcatalyst_2960c-12pc-lcatalyst_3560x-24t-scatalyst_3560cg-8pc-scatalyst_4500_supervisor_engine_vcatalyst_3750e-48pd-efcatalyst_3750v2-24pscatalyst_3750e-24td-scatalyst_3550_24_smicatalyst_4948e-f_ethernet_switchie_2000-16tc-g-e_industrial_ethernet_switchcatalyst_2960s-24td-lcatalyst_3560x-24u-lcatalyst_2960s-f48ts-scatalyst_4500_supervisor_engine_ivcatalyst_2960s-f24ts-lios_xecatalyst_3560x-48pf-scatalyst_3560e-24pd-scatalyst_2960-8tc-sie_2000-8tc-g_industrial_ethernet_switchcatalyst_2960-plus_24tc-scatalyst_3560x-48u-ecatalyst_3560x-48p-scatalyst_blade_switch_3120xcatalyst_3560e-48td-scatalyst_3750_metro_24-dccatalyst_2960-plus_24lc-lcatalyst_2960-plus_24pc-scatalyst_3560x-48t-ecatalyst_4928_10_gigabit_ethernet_switchcatalyst_3750e-48pd-ecatalyst_2960-24tc-lcatalyst_2960l-16ps-llcatalyst_2960pd-8tt-lcatalyst_3560cg-8tc-ssm-x_layer_2\/3_etherswitch_service_moduleie_2000-8tc-g-n_industrial_ethernet_switchcatalyst_2960-24pc-lcatalyst_2960-plus_48pst-lcatalyst_2960xr-24td-icatalyst_3750-24fscatalyst_3750g-24tcatalyst_4000_supervisor_engine_vcatalyst_3560x-48u-lie-5000-12s12p-10g_industrial_ethernet_switchcatalyst_3750x-24t-lie_2000-16tc-g-n_industrial_ethernet_switchcatalyst_3560x-24p-lcatalyst_4948catalyst_3750g-24ts-1uie-4000-8t4g-e_industrial_ethernet_switchcatalyst_3560x-24t-lcatalyst_3750x-24p-scatalyst_3560x-24u-scatalyst_3750x-24u-scatalyst_3560c-12pc-scatalyst_2960-24tc-scatalyst_2960s-f24ps-lcatalyst_3750e-48pd-scatalyst_2350-48td-sdcatalyst_3750g-48tscatalyst_2960s-48fpd-lie-4000-4gc4gp4g-e_industrial_ethernet_switchcatalyst_3750v2-24fscatalyst_3750g-12s-sdcatalyst_4500_supervisor_ii-plus-10gecatalyst_3560e-12d-scatalyst_3560g-24pscatalyst_2960xr-48lpd-lcatalyst_3750x-24t-ecatalyst_2960-48tc-scatalyst_2960cx-8pc-lcatalyst_3750e-48td-ecatalyst_3750x-12s-ecatalyst_3560cx-8pt-scatalyst_3750v2-48tscatalyst_2960x-48td-lcatalyst_2960-8tc-lcatalyst_2960-plus_24lc-srf_gateway_10catalyst_3560e-12sd-eie_2000-4t_industrial_ethernet_switchcatalyst_3560cx-8pc-scatalyst_c2928-24lt-cioscatalyst_3560v2-24tscatalyst_4500_supervisor_engine_6l-eie-4000-8gt4g-e_industrial_ethernet_switchcatalyst_2928-24tc-ccatalyst_blade_switch_3120catalyst_2960xr-24ps-iie_2000-4t-g_industrial_ethernet_switchcatalyst_2960-24tt-lembedded_service_2020_con_bcatalyst_2960s-24pd-lcatalyst_3560v2-24dccatalyst_2960-24lc-scatalyst_3560v2-48tscatalyst_3750x-12s-scatalyst_3750x-48u-ecatalyst_3560e-48pd-sfcatalyst_2960x-24td-lcatalyst_4500_supervisor_engine_ii-plus-tscatalyst_2960-48tc-lcatalyst_2360-48td-scatalyst_3560g-48tscatalyst_3560e-48td-ecatalyst_3750x-24s-ecatalyst_2960s-f24ts-scatalyst_2960xr-48fpd-lcatalyst_blade_switch_3130catalyst_2960xr-48td-icatalyst_3560e-48pd-ecatalyst_2960xr-48ts-lcatalyst_blade_switch_3030catalyst_3750x-48t-scatalyst_2960x-48ts-llcatalyst_3560cx-12tc-sie_2000-16ptc-g_industrial_ethernet_switchembedded_service_2020_ncpembedded_service_2020_conie-4000-16t4g-e_industrial_ethernet_switchcatalyst_3550_24_fx_smicatalyst_3560cpd-8pt-scatalyst_3560e-24td-ecatalyst_2960s-48lpd-lcatalyst_3560g-48pscatalyst_2960l-8ps-llcatalyst_3550_24_dc_smiie_2000-16tc_industrial_ethernet_switchcatalyst_3750e-24td-ecatalyst_3750v2-24tsie_2000-8tc-g-e_industrial_ethernet_switchcatalyst_blade_switch_3032catalyst_2960s-f48ts-lcatalyst_2960-plus_24pc-lie-4010-4s24p_industrial_ethernet_switchcatalyst_2960g-48tc-lcatalyst_2960-48pst-lcatalyst_c2928-48tc-cie_2000-4s-ts-g_industrial_ethernet_switchcatalyst_switch_module_3012catalyst_3550_12gie_2000-24t67_industrial_ethernet_switchcatalyst_3560-48pscatalyst_4000_supervisor_engine_ivenhanced_layer_2_etherswitch_service_modulecatalyst_3550_24_emicatalyst_3750x-48pf-scatalyst_3750x-24p-ecatalyst_3750g-48psie_3000-8tc_industrial_ethernet_switchie_2000-8t67_industrial_ethernet_switchcatalyst_2960-plus_48tc-scatalyst_2960c-8tc-scatalyst_3750-48tscatalyst_3560x-48p-lcatalyst_2960x-48fpd-lcatalyst_2918-48tc-ccatalyst_3560cx-8xpd-scatalyst_4500_supervisor_engine_ii-plusembedded_service_2020_24tc_ncpcatalyst_2960l-48ts-llcatalyst_3560x-48pf-lie_2000-4ts-g_industrial_ethernet_switchie_2000-16tc-g_industrial_ethernet_switchcatalyst_3560x-24p-ecatalyst_3750g-12scatalyst_2960-plus_24tc-lcatalyst_3750x-24p-lcatalyst_2960xr-48lps-lcatalyst_3750x-48p-scatalyst_4500_supervisor_engine_v-10gecatalyst_3550_48_emicatalyst_3750x-48p-ecatalyst_3560x-24t-ecatalyst_3750x-24u-lie-4010-16s12p_industrial_ethernet_switchcatalyst_3560x-48pf-ecatalyst_2918-24tt-ccatalyst_3560cx-12pd-scatalyst_3750x-48u-sie-4000-4gs8gp4g-e_industrial_ethernet_switchCisco IOS and IOS XE SoftwareIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2026-20045
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.10% / 77.67%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 16:26
Updated-13 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-11||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionunified_communications_manager_im_and_presence_serviceunified_communications_managerCisco Unity ConnectionCisco Unified Communications ManagerCisco Unified Communications Manager IM and Presence ServiceUnified Communications Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-34770
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-1.03% / 76.91%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:27
Updated-30 Oct, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9800-l-cios_xecatalyst_9800-lcatalyst_9800_embedded_wireless_controllercatalyst_9800-80catalyst_9800-80_wireless_controllercatalyst_9800-l-fcatalyst_9800-40catalyst_9800catalyst_9800-clcatalyst_9800-40_wireless_controllerCisco IOS XE Software
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34727
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.57%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4451-x_integrated_services_routerasr_1001-x_r1160_integrated_services_routerasr_1002-hxasr_1000_series_route_processor_\(rp2\)asr_1000_series_route_processor_\(rp3\)1100_integrated_services_router1109-2p_integrated_services_routerasr_1001-hx_r4331_integrated_services_router4461_integrated_services_routerasr_1002-hx_rasr_1002-x_rasr_1000-xasr_1009-xasr_1000-esp100asr_1002ios_xe_sd-wan4000_integrated_services_router1000_integrated_services_router1109_integrated_services_routerasr_1004111x_integrated_services_router1120_integrated_services_routerasr_1006-x1111x_integrated_services_routerasr_10134321_integrated_services_routerasr_10231101-4p_integrated_services_router4431_integrated_services_routerasr_10011100-4p_integrated_services_routerasr_1000csr_1000v1100-4g\/6g_integrated_services_router4221_integrated_services_router1111x-8p_integrated_services_routerasr_1000_seriesasr_10061100-8p_integrated_services_router1109-4p_integrated_services_routerasr_1001-x1101_integrated_services_routerasr_1001-hx4451_integrated_services_routerasr_1002-x4351_integrated_services_router422_integrated_services_routerCisco IOS XE SD-WAN Software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34730
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-37.27% / 97.07%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 19:40
Updated-07 Nov, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv215w_wireless-n_vpn_router_firmwarerv130w_wireless-n_multifunction_vpn_routerrv130w_wireless-n_multifunction_vpn_router_firmwarerv110w_wireless-n_vpn_firewallrv110w_wireless-n_vpn_firewall_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34746
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.62% / 87.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 03:05
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_nfv_infrastructure_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CWE ID-CWE-287
Improper Authentication
CVE-2021-34795
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-1.00% / 76.51%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:35
Updated-07 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_pon_switch_cgp-ont-4pv_firmwarecatalyst_pon_switch_cgp-ont-1p_firmwarecatalyst_pon_switch_cgp-ont-4pvcatalyst_pon_switch_cgp-ont-1pcatalyst_pon_switch_cgp-ont-4pvccatalyst_pon_switch_cgp-ont-4pcatalyst_pon_switch_cgp-ont-4pvc_firmwarecatalyst_pon_switch_cgp-ont-4tvcw_firmwarecatalyst_pon_switch_cgp-ont-4tvcwcatalyst_pon_switch_cgp-ont-4p_firmwareCisco Catalyst PON Series
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2017-12240
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.92% / 91.84%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_901s-4sg-f-dasr_1000-esp100catalyst_3650-48ts-ecatalyst_3850-48xs-f-sasr_920-24tz-m1101-4p_integrated_services_routercatalyst_3650-48tq-ecatalyst_3850-24t-scatalyst_3850-16xs-sasr_901-6cz-ft-acatalyst_3650-24ts-ecatalyst_3650-24pdmasr_9904catalyst_3650-24td-l1841_integrated_service_routercatalyst_3650-48fs-lcatalyst_3650-12x48fd-scatalyst_3850-48p-lcatalyst_3850-24t-easr_920-4sz-a_r8800_12-slotcatalyst_3650-48pd-scatalyst_3650-48ts-lasr_920-12cz-aasr_10011111x_integrated_services_routerasr_901-6cz-fs-a8101-32fhcatalyst_3850-24xs-sasr_920-24sz-im1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_3850-24xucatalyst_3850-24p-ecatalyst_3850-24xs-e1100-4gltegb_integrated_services_router1109-4p_integrated_services_routercatalyst_3650-8x24pd-lasr_9901catalyst_3650-48ts-s8202catalyst_3650-12x48uq-ecatalyst_3650-48fs-sasr_920-24sz-masr_1000-esp200-xasr_920-12cz-d1803_integrated_service_routerasr_920-24sz-im_routercatalyst_3850-48f-ecatalyst_3650-12x48uq-lasr_920-10sz-pd_router1811_integrated_service_routercatalyst_3650-48td-s4000_integrated_services_routercatalyst_3850-nm-8-10gasr_901-4c-ft-d8800_4-slotcatalyst_3850-12x48u1100_integrated_services_routercatalyst_3850-48f-s1101_integrated_services_routerasr_920-4sz-a1802_integrated_service_routercatalyst_3850-48xs-ecatalyst_3650-24pd-lasr_901s-3sg-f-ahcatalyst_3650-48fd-lasr_1002-x_rcatalyst_3650-24ts-lcatalyst_3650-24pd-e1111x-8p_integrated_services_routerasr_902u1801_integrated_service_routerasr_1001-x_r1000_integrated_services_routercatalyst_3650-48fq-ecatalyst_3650-24ts-sasr_9903catalyst_3650-48tq-lcatalyst_3650-12x48ur-lasr_901s-2sg-f-dcatalyst_3650-12x48fd-ecatalyst_3850-24xu-e8101-32hcatalyst_3850-48u-lasr_920-4sz-d_routerasr_920-12sz-imasr_9001asr_1001-xasr_1013asr_9010asr_920-10sz-pdcatalyst_3650-8x24uq-sasr_920-24sz-m_rasr_920-12sz-im_rasr_1023asr_901-4c-f-dcatalyst_3850-48u-ecatalyst_3850-24u-easr_903catalyst_3650-8x24pd-s8208asr_901-6cz-f-acatalyst_3850-24ucatalyst_3850-24s-scatalyst_3650-12x48urcatalyst_3650-12x48uqcatalyst_3650-48fqm-scatalyst_3850-24u-scatalyst_3850-24pw-scatalyst_3650-24pdm-s1100-4p_integrated_services_router9800-lasr_901-6cz-fs-dasr_1006-xasr_9906catalyst_3850-24t-lasr_1002-hx_rcatalyst_3850catalyst_3650-12x48ur-e1100-lte_integrated_services_routercatalyst_3650-48td-lcatalyst_3650-48fd-easr_920-4sz-d8804catalyst_3650-48fq-s8831asr_920-12cz-d_routerasr_920-10sz-pd_rcatalyst_3650-8x24uq-l4221_integrated_services_routercatalyst_3650-12x48uq-scatalyst_3850-24xscatalyst_3650-48pq-l111x_integrated_services_routercatalyst_3650-12x48uz-scatalyst_3650-24pdcatalyst_3650-48td-easr_9006asr_900catalyst_3650-48fqm-ecatalyst_3850-24xu-scatalyst_3650-24pdm-l1100-4g_integrated_services_routercatalyst_3650-48tq-scatalyst_3650-24td-ecatalyst_3850-24p-s9800-40asr_920-24sz-m_routercatalyst_3850-12s-scatalyst_3850-24xu-l1160_integrated_services_router1100-8p_integrated_services_routercatalyst_3650-24pd-scatalyst_3850-48u-scatalyst_3650-12x48uzasr_920-12cz-a_rcatalyst_3850-16xs-e1905_integrated_services_router8800_8-slotcatalyst_3650-8x24uq-ecatalyst_3650-48pd-ecatalyst_3850-48f-l1906c_integrated_services_router8201-32fhasr_9912catalyst_3850-48xs-f-ecatalyst_3850-nm-2-40gcatalyst_3850-12s-ecatalyst_3650-24ps-lasr_920-12cz-d_rasr_9922asr_901s-2sg-f-ah1861_integrated_service_router8812catalyst_3850-48xs-scatalyst_3850-32xs-siosasr_901-12c-f-dcatalyst_3650-24ps-s9800-801100-6g_integrated_services_routerasr_907catalyst_3850-48pw-s82128201catalyst_3650-48fqmcatalyst_3650-24pdm-easr_9000vcatalyst_3850-48ucatalyst_3650-12x48fd-lcatalyst_3850-48p-easr_920-24tz-m_rcatalyst_3650-12x48uz-ecatalyst_3850-48t-lcatalyst_3850-48t-sasr_9141812_integrated_service_routercatalyst_3850-24u-lcatalyst_3650-48fs-e1941w_integrated_services_router1109-2p_integrated_services_routercatalyst_3850-24s-easr_1002asr_1000-xasr_1001-hxcatalyst_3850-12xs-sasr_902asr_920-24tz-m_routercatalyst_3850-48t-e8808catalyst_3650-48fqasr_901-6cz-f-d8102-64hcatalyst_3650-48fd-scatalyst_3650-48fq-lcatalyst_3650-48pq-scatalyst_3650-8x24uqcatalyst_3650-12x48ur-s422_integrated_services_routerasr_1009-x8800_18-slot9800-clasr_1004asr_9902catalyst_3650-8x24pd-easr_920-12sz-im_routercatalyst_3650-48ps-scatalyst_3850-32xs-easr_9920catalyst_3850-12xs-easr_920-24sz-im_rcatalyst_3850-48p-sasr_9000asr_920u-12sz-im1131_integrated_services_routercatalyst_3650-48pd-l8818catalyst_3650-24ps-ecatalyst_3650-48pq-ecatalyst_3650asr_920-4sz-a_routerasr_9910catalyst_3650-48ps-lcatalyst_3850-48xscatalyst_3850-24p-l1921_integrated_services_routerasr_1002-hxasr_920-12cz-a_router82181109_integrated_services_routerasr_901s-3sg-f-dasr_1001-hx_rasr_901-12c-ft-dcatalyst_3650-12x48uz-l1941_integrated_services_routerasr_1006asr_920-4sz-d_rasr_1000-esp100-xasr_1000catalyst_3650-24td-sasr_901-6cz-ft-dasr_1002-xcatalyst_3650-48fqm-lcatalyst_3650-48ps-eCisco IOS and IOS XEIOS and IOS XE Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1497
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.40% / 99.97%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-28 Oct, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Cisco HyperFlex HX Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx240c_m5hyperflex_hx220c_edge_m5hyperflex_hx240chyperflex_hx220c_af_m5hyperflex_hx220c_all_nvme_m5hyperflex_hx220c_m5hyperflex_hx_data_platformhyperflex_hx240c_af_m5Cisco HyperFlex HX Data PlatformHyperFlex HX
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1971
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-1.40% / 80.09%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 07:35
Updated-20 Nov, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the web portal framework. An attacker could exploit this vulnerability by providing malicious input during web portal authentication. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_function_virtualization_infrastructureCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1453
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-26.08% / 96.16%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1363
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.61% / 93.48%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controller_softwaren/a
CVE-2019-15958
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-2.48% / 84.97%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:11
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managerCisco Prime Infrastructure
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1620
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-85.97% / 99.37%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 03:05
Updated-19 Nov, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-264
Not Available
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-1291
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2021-1275
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 82.84%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:50
Updated-08 Nov, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-1479
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-2.57% / 85.21%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:07
Updated-08 Nov, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1451
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.66% / 70.55%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code Execution Vulnerability

A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an affected device. The vulnerability is due to incorrect boundary checks of certain values in Easy VSS protocol packets that are destined for an affected device. An attacker could exploit this vulnerability by sending crafted Easy VSS protocol packets to UDP port 5500 while the affected device is in a specific state. When the crafted packet is processed, a buffer overflow condition may occur. A successful exploit could allow the attacker to trigger a denial of service (DoS) condition or execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.Linux Kernel Organization, Inc
Product-ios_xelinux_kernelCisco IOS XE Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1472
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-87.33% / 99.44%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv160_firmwarerv260w_firmwarerv345p_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-287
Improper Authentication
CVE-2021-1609
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 73.82%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-small_business_rv340wsmall_business_rv345psmall_business_rv345small_business_rv340small_business_rv_series_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-1301
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 74.87%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 19:55
Updated-12 Nov, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Buffer Overflow Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_100b_routervedge_cloud_routersd-wan_vbond_orchestratorvedge_5000_routervedge_100_routersd-wan_firmwareios_xe_sd-wanvedge_2000_routersd-wan_vsmart_controller_firmwarevedge_100wm_routercatalyst_sd-wan_managervedge_1000_routervedge_100m_routerCisco SD-WAN Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1506
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.89% / 82.84%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2019-15260
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.15% / 91.37%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-19 Nov, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Aironet Access Points Unauthorized Access Vulnerability

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-aironet_2800aironet_2800_firmwareaironet_4800_firmwareaironet_1800aironet_1560aironet_3800aironet_1540_firmwareaironet_1560_firmwareaironet_3800_firmwareaironet_1800_firmwareaironet_1540aironet_4800Cisco Aironet Access Point Software
CWE ID-CWE-284
Improper Access Control
CVE-2021-1396
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.83% / 74.09%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:31
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Services Engine Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerapplication_services_engineCisco Application Services Engine Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-1289
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-12 Nov, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2021-1473
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-90.79% / 99.61%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1292
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2021-1602
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-small_business_rv260small_business_rv160small_business_rv260wsmall_business_rv_series_router_firmwaresmall_business_rv160wsmall_business_rv260pCisco Small Business RV Series Router Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1293
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.34% / 90.77%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2021-1295
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 26
  • 27
  • Next
Details not found