Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Total 6256 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4312 1 Cisco 9 Adaptive Security Appliance, Pix Firewall 501, Pix Firewall 506 and 6 more 2025-04-03 6.8 MEDIUM N/A
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.
CVE-2005-3886 1 Cisco 1 Security Agent 2025-04-03 7.2 HIGH N/A
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
CVE-2005-0600 1 Cisco 10 Application And Content Networking Software, Content Delivery Manager, Content Distribution Manager 4630 and 7 more 2025-04-03 5.0 MEDIUM N/A
Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.
CVE-2004-0352 1 Cisco 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more 2025-04-03 5.0 MEDIUM N/A
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
CVE-2004-1464 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM 5.9 MEDIUM
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
CVE-2001-0455 1 Cisco 1 Aironet 340 2025-04-03 7.5 HIGH N/A
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
CVE-2005-3774 1 Cisco 1 Pix 2025-04-03 5.0 MEDIUM N/A
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
CVE-2001-0566 1 Cisco 1 Catalyst 2900 2025-04-03 5.0 MEDIUM N/A
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
CVE-2006-0340 1 Cisco 1 Ios 2025-04-03 7.1 HIGH N/A
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.
CVE-1999-0160 1 Cisco 1 Ios 2025-04-03 7.5 HIGH N/A
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2025-04-03 5.0 MEDIUM N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2006-3287 1 Cisco 1 Wireless Control System 2025-04-03 7.5 HIGH N/A
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
CVE-2005-2025 1 Cisco 8 Vpn 3000 Concentrator, Vpn 3000 Concentrator Series Software, Vpn 3005 Concentrator Software and 5 more 2025-04-03 5.0 MEDIUM N/A
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
CVE-2002-0908 1 Cisco 1 Ids Device Manager 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
CVE-2005-2681 1 Cisco 1 Ips Sensor Software 2025-04-03 7.2 HIGH N/A
Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors.
CVE-2004-1433 1 Cisco 1 Optical Networking Systems Software 2025-04-03 5.0 MEDIUM N/A
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.
CVE-2002-1189 1 Cisco 1 Unity Server 2025-04-03 4.6 MEDIUM N/A
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
CVE-2000-0268 1 Cisco 12 3660 Router, 7100 Router, 7200 Router and 9 more 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
CVE-2001-0650 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
CVE-2006-4430 1 Cisco 2 Network Admission Control, Network Admission Control Manager And Server System Software 2025-04-03 5.0 MEDIUM N/A
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.