| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. |
| Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. |
| Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. |
| Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. |
| Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552. |
| Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. |
| The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. |
| The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. |
| Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. |
| Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051. |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. |
| The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. |
| The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. |
| The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218. |
| The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. |
| The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. |
| Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. |
| A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. |
