ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.
Max CVSS
2.6
EPSS Score
0.13%
Published
1999-12-16
Updated
2022-08-17
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-31
Updated
2017-12-19
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-05-03
Updated
2008-09-10
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-03-12
Updated
2016-09-21
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-02-12
Updated
2008-09-05
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-02-12
Updated
2017-10-10
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-07-02
Updated
2017-10-10
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-10-18
Updated
2017-10-10
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-10-10
Updated
2017-10-10
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
Max CVSS
2.1
EPSS Score
0.10%
Published
2002-10-04
Updated
2018-10-30
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Max CVSS
2.1
EPSS Score
13.26%
Published
2005-08-03
Updated
2017-10-11
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection.
Max CVSS
2.1
EPSS Score
0.08%
Published
2005-11-02
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.
Max CVSS
2.6
EPSS Score
5.64%
Published
2005-11-30
Updated
2018-10-19
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
Max CVSS
2.1
EPSS Score
0.32%
Published
2006-05-04
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
Max CVSS
2.6
EPSS Score
1.14%
Published
2006-06-19
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
Max CVSS
2.6
EPSS Score
0.43%
Published
2006-06-28
Updated
2017-07-20
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
Max CVSS
2.6
EPSS Score
9.32%
Published
2006-09-09
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
Max CVSS
2.6
EPSS Score
0.62%
Published
2006-09-21
Updated
2017-07-20
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-10-18
Updated
2008-09-05
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-10-18
Updated
2008-09-05
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-11-08
Updated
2017-07-20
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
Max CVSS
2.9
EPSS Score
0.94%
Published
2007-04-16
Updated
2018-11-01
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-10-18
Updated
2008-11-15
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Max CVSS
2.1
EPSS Score
0.25%
Published
2009-12-01
Updated
2012-10-25
33 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!