Filtered by vendor Cisco
Subscriptions
Total
6617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6789 | 1 Cisco | 1 Unified Intelligence Center | 2025-04-20 | N/A |
| A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. | ||||
| CVE-2017-9489 | 2 Cisco, Commscope | 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more | 2025-04-20 | 8.8 High |
| The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | ||||
| CVE-2017-6772 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). | ||||
| CVE-2017-6746 | 1 Cisco | 1 Web Security Appliance | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. | ||||
| CVE-2017-6757 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786. | ||||
| CVE-2017-6731 | 1 Cisco | 1 Ios Xr | 2025-04-20 | N/A |
| A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. | ||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796. | ||||
| CVE-2017-6771 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | N/A |
| A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. | ||||
| CVE-2017-9490 | 3 Arris, Cisco, Commscope | 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more | 2025-04-20 | N/A |
| The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | ||||
| CVE-2017-6711 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | N/A |
| A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395. | ||||
| CVE-2017-6689 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). | ||||
| CVE-2017-6712 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634. | ||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | N/A |
| A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. | ||||
| CVE-2017-6672 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-20 | N/A |
| A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. | ||||
| CVE-2017-6685 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2025-04-20 | N/A |
| A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. | ||||
| CVE-2017-6715 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. | ||||
| CVE-2017-6653 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | N/A |
| A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. | ||||
| CVE-2017-6698 | 1 Cisco | 1 Prime Infrastructure | 2025-04-20 | N/A |
| A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | ||||
| CVE-2017-6645 | 1 Cisco | 1 Remote Expert Manager | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861. | ||||
| CVE-2017-6639 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-20 | N/A |
| A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961. | ||||