cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-20165,https://securityvulnerability.io/vulnerability/CVE-2025-20165,Denial of Service vulnerability in Cisco BroadWorks SIP processing,"A vulnerability exists in the SIP processing subsystem of Cisco BroadWorks that allows unauthenticated, remote attackers to disrupt service by overwhelming the system with SIP requests. This issue stems from improper memory management for specific SIP requests. When an attacker floods the affected system with a high volume of SIP requests, they can deplete the memory available to the Cisco BroadWorks Network Servers, causing them to be unable to process any additional requests. This results in a denial of service condition, necessitating manual intervention to restore functionality.",Cisco,Cisco Broadworks,7.5,HIGH,0.0005099999834783375,false,,false,false,true,2025-01-22T16:21:30.377Z,false,false,false,,2025-01-22T16:21:30.377Z,0
CVE-2025-20156,https://securityvulnerability.io/vulnerability/CVE-2025-20156,Remote Privilege Escalation Vulnerability in Cisco Meeting Management,"A vulnerability in the REST API of Cisco Meeting Management enables a remote, authenticated attacker with minimal privileges to elevate their status to that of an administrator on affected devices. This issue arises from inadequate authorization checks for REST API users, allowing attackers to exploit this gap by sending crafted API requests to a specific endpoint.
Successful exploitation could grant attackers unauthorized administrator-level access to edge nodes managed by Cisco Meeting Management, posing a significant risk to system integrity and data security.",Cisco,Cisco Meeting Management,9.9,CRITICAL,0.00044999999227002263,false,,true,false,true,2025-01-22T16:21:20.333Z,false,false,false,,2025-01-22T16:21:20.333Z,1522
CVE-2025-20128,https://securityvulnerability.io/vulnerability/CVE-2025-20128,Denial of Service Vulnerability in ClamAV OLE2 Processing,"A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV can be exploited by an unauthenticated remote attacker to cause a denial of service (DoS) condition. This issue arises from an integer underflow in a bounds check, allowing for a heap buffer overflow read. An attacker can execute this by submitting a specially crafted file containing OLE2 content to the ClamAV scanner on an affected device. A successful attack may terminate the ClamAV scanning process, resulting in a denial of service. Cisco has issued software updates that mitigate this vulnerability, and no workarounds exist.",Cisco,Cisco Secure Endpoint,5.3,MEDIUM,0.0004600000102072954,false,,true,false,true,2025-01-22T16:21:12.329Z,false,false,false,,2025-01-22T16:21:12.329Z,40
CVE-2025-20168,https://securityvulnerability.io/vulnerability/CVE-2025-20168,Cross-Site Scripting Vulnerability in Cisco Common Services Platform Collector,"A vulnerability exists in the web-based management interface of the Cisco Common Services Platform Collector (CSPC) that enables authenticated, remote attackers to conduct cross-site scripting (XSS) attacks. This arises from insufficient validation of user-supplied input, permitting attackers to inject malicious code into specific pages. Exploiting this vulnerability allows attackers to execute arbitrary script code within the context of the interface or access sensitive information stored in the browser.
To exploit this issue, attackers must possess at least a low-privileged account on the affected device. Currently, Cisco has not provided any software updates or workarounds to mitigate this vulnerability.",Cisco,Cisco Common Services Platform Collector,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-08T17:15:00.000Z,0
CVE-2025-20167,https://securityvulnerability.io/vulnerability/CVE-2025-20167,Cross-Site Scripting Vulnerability in Cisco Common Services Platform Collector,"A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) allows an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user-supplied input, enabling an attacker to inject malicious scripts into specific pages within the interface. Exploitation could lead to execution of arbitrary code in the context of the application or unauthorized access to sensitive data on the user's browser. To successfully execute the attack, the attacker needs to possess at least a low-privileged account on the affected device.",Cisco,Cisco Common Services Platform Collector (CSPC),5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-08T17:15:00.000Z,0
CVE-2025-20166,https://securityvulnerability.io/vulnerability/CVE-2025-20166,Cross-Site Scripting Vulnerability in Cisco Common Services Platform Collector,"A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) allows authenticated remote attackers to execute cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user input, permitting an attacker to inject malicious code into specific pages of the interface. A successful attack could allow the execution of arbitrary scripts in the context of the web interface, potentially exposing sensitive browser-based information.
To exploit this vulnerability, an attacker requires at least a low-privilege account on the affected device. Currently, no software updates or workarounds are available to mitigate this issue.",Cisco,Common Services Platform Collector,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-08T17:15:00.000Z,0
CVE-2025-20126,https://securityvulnerability.io/vulnerability/CVE-2025-20126,Certification Validation Flaw in Cisco ThousandEyes Endpoint Agent for macOS and RoomOS,"A security issue exists within the certification validation routines of Cisco's ThousandEyes Endpoint Agent for macOS and RoomOS. This flaw permits an unauthenticated, remote attacker to potentially intercept or manipulate metrics data by exploiting the lack of proper certificate validation for hosted metrics services. An attacker could compromise network traffic with a maliciously crafted certificate, leading to unauthorized access and manipulation of communications between the vulnerable client and the trusted metrics service.",Cisco,ThousandEyes Endpoint Agent,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T16:15:00.000Z,0
CVE-2025-20123,https://securityvulnerability.io/vulnerability/CVE-2025-20123,Cross-Site Scripting Vulnerabilities in Cisco Crosswork Network Controller,"The web-based management interface of Cisco Crosswork Network Controller contains multiple vulnerabilities that permit authenticated remote attackers to execute cross-site scripting (XSS) attacks. The vulnerabilities arise from inadequate validation of user-supplied input, enabling attackers to inject malicious scripts via specific data fields. A successful attack can lead to the execution of arbitrary script code within the affected interface or compromise sensitive, browser-based information. To successfully exploit these vulnerabilities, attackers must possess valid administrative credentials.
Cisco has released software updates to mitigate these issues, and there are no workarounds available.",Cisco,Crosswork Network Controller,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-08T16:15:00.000Z,0
CVE-2024-20397,https://securityvulnerability.io/vulnerability/CVE-2024-20397,Unauthenticated Attacker Could Bypass NX-OS Image Signature Verification via Insecure Bootloader Settings,"A vulnerability exists in the bootloader of Cisco NX-OS Software that could potentially allow unauthenticated attackers with physical access, or authenticated local attackers with administrative privileges, to bypass the image signature verification process. This issue stems from insecure bootloader settings. By executing specific bootloader commands, an attacker may succeed in loading unverified software, which could compromise the integrity and security of the affected devices. Proper management of bootloader configurations is crucial to mitigate this risk.",Cisco,,5.2,MEDIUM,0.00044999999227002263,false,,true,false,false,,,false,false,,2024-12-04T17:15:00.000Z,0
CVE-2020-26066,https://securityvulnerability.io/vulnerability/CVE-2020-26066,Cisco SD-WAN vManage Software Vulnerability: Authenticated Attackers Can Access Sensitive Information,"A vulnerability identified in the web UI of Cisco SD-WAN vManage Software allows an authenticated remote attacker to gain unauthorized read and write access to sensitive information stored on the affected system. This issue arises from the improper handling of XML External Entity (XXE) entries when certain XML files are parsed. An attacker could exploit this flaw by convincing a user to import a specially crafted XML file containing malicious inputs. If successful, the attacker could manipulate files within the application, risking the integrity and confidentiality of the stored data.
Cisco has released updates to rectify this vulnerability, but no workarounds are available to mitigate the risk.",Cisco,Cisco Catalyst Sd-wan Manager,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:23:47.442Z,0
CVE-2020-26067,https://securityvulnerability.io/vulnerability/CVE-2020-26067,Cisco Webex Teams vulnerability could lead to cross-site scripting attacks,"A vulnerability exists in the web interface of Cisco Webex Teams, where inadequate validation of usernames can permit authenticated remote attackers to carry out cross-site scripting (XSS) attacks. By creating an account that incorporates malicious HTML or script content, an attacker can join a space with a harmful account name. If successful, this exploitation may allow access to sensitive information stored in the user's browser. Cisco has released software updates to mitigate this issue, and there are no identified workarounds available.",Cisco,Cisco Webex Teams,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T16:10:24.951Z,0
CVE-2020-26062,https://securityvulnerability.io/vulnerability/CVE-2020-26062,Cisco Integrated Management Controller Vulnerability Could Allow Unauthorized Access to Administrative User Accounts,"A vulnerability exists in Cisco Integrated Management Controller that could enable an unauthenticated, remote attacker to enumerate valid usernames in the application. This issue arises from variations in the authentication responses that the application generates during login attempts. By exploiting this vulnerability, an attacker could send crafted authentication requests, identifying valid administrative usernames. This information could lead to follow-up attacks targeting those accounts.
Mitigation options are limited as there are no effective workarounds to address this vulnerability.",Cisco,Cisco Unified Computing System (managed),5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-18T16:06:00.592Z,0
CVE-2020-26063,https://securityvulnerability.io/vulnerability/CVE-2020-26063,Cisco Integrated Management Controller Vulnerability Allows Unauthorized Actions,"A vulnerability exists within the API endpoints of Cisco Integrated Management Controller, enabling authenticated, remote attackers to bypass authorization mechanisms. This weakness stems from inadequate authorization checks on the API endpoints, permitting attackers to send crafted malicious requests. Exploitation of this vulnerability potentially allows attackers to download sensitive files or modify specific configuration settings on the compromised system. It is critical to note that there are currently no available workarounds to mitigate this risk.",Cisco,Cisco Unified Computing System (managed),5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-18T16:05:53.165Z,0
CVE-2020-26071,https://securityvulnerability.io/vulnerability/CVE-2020-26071,Cisco SD-WAN Software Vulnerability Discovered,"A vulnerability has been identified in the Command Line Interface (CLI) of Cisco SD-WAN Software, allowing an authenticated local attacker to create or overwrite arbitrary files on the device. This situation arises from inadequate input validation for certain commands within the software. By injecting crafted arguments into these commands, an attacker could potentially disrupt the normal operation of the device, resulting in a denial of service condition. Cisco has addressed this issue in subsequent software updates, and there are no known workarounds to mitigate the risk.
Users are advised to apply the latest updates to protect their systems.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vcontainer,Cisco Sd-wan Vedge Cloud,Cisco Sd-wan Vedge Router",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T16:05:35.221Z,0
CVE-2020-27124,https://securityvulnerability.io/vulnerability/CVE-2020-27124,Cisco ASA Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service,"A flaw exists in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software that enables an unauthenticated remote attacker to disrupt normal operations by causing the affected device to unexpectedly reload. This situation arises from improper error handling during established SSL/TLS connections. An attacker can exploit this by initiating an SSL/TLS connection and transmitting a specially crafted malicious message, resulting in a potential denial of service (DoS) condition. Cisco has issued software updates to mitigate this risk; however, no workarounds are available.",Cisco,Cisco Adaptive Security Appliance (asa) Software,8.6,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-18T16:03:00.333Z,0
CVE-2020-3420,https://securityvulnerability.io/vulnerability/CVE-2020-3420,Cisco Unified Communications Manager and Session Management Edition Vulnerable to XSS Attacks,"A cross-site scripting vulnerability exists in the web-based management interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. This issue stems from inadequate validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious scripts into the interface. By exploiting this vulnerability, an attacker could execute arbitrary script code within the context of the interface or gain unauthorized access to sensitive browser-based information.
There are currently no workarounds available to mitigate this vulnerability.",Cisco,Cisco Unified Communications Manager,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:02:49.827Z,0
CVE-2020-3431,https://securityvulnerability.io/vulnerability/CVE-2020-3431,Cross-Site Scripting Vulnerability in Cisco Small Business RV042 and RV042G VPN Routers,"A flaw in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and RV042G Dual Gigabit WAN VPN Routers allows remote attackers to perform cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user input in the management interface, enabling attackers to execute arbitrary script code. By tricking an interface user into clicking a specially crafted link, an attacker can gain access to sensitive browser information or manipulate the front-end interface. Cisco has issued software updates to mitigate this vulnerability, and no workarounds are available.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-18T16:02:42.393Z,0
CVE-2020-26073,https://securityvulnerability.io/vulnerability/CVE-2020-26073,Unauthorized Access to Sensitive Information via Directory Traversal,"The application data endpoints of Cisco SD-WAN vManage Software are vulnerable due to improper validation of directory traversal character sequences. This vulnerability enables an unauthenticated, remote attacker to exploit application programming interfaces (APIs) by sending malicious requests. Successful exploitation could lead to directory traversal attacks, granting access to sensitive information such as credentials or user tokens.
Cisco has issued software updates that mitigate this vulnerability, and there are no effective workarounds available.",Cisco,Cisco Catalyst Sd-wan Manager,7.5,HIGH,0.0074800001457333565,false,,false,false,false,,,false,false,,2024-11-18T15:57:25.059Z,0
CVE-2020-26074,https://securityvulnerability.io/vulnerability/CVE-2020-26074,Cisco SD-WAN vManage Software Vulnerability - Escalated Privileges on Local Systems,"A local attacker with valid access can exploit a vulnerability in the system file transfer functions of Cisco SD-WAN vManage Software to achieve escalated privileges on the underlying operating system. This vulnerability arises from improper validation of path inputs for file transfer operations. An attacker may send specially crafted requests with malicious path variables to the system, potentially allowing them to overwrite arbitrary files. Such exploitation could enable the attacker to alter the system's behavior and gain higher privileges. Cisco has addressed this issue through software updates, and no workarounds are available to mitigate the vulnerability.",Cisco,Cisco Catalyst Sd-wan Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:56:13.890Z,0
CVE-2020-3525,https://securityvulnerability.io/vulnerability/CVE-2020-3525,Cisco ISE Vulnerability Could Allow Attacker to Recover Service Account Passwords,"A security issue exists in the Admin portal of Cisco Identity Services Engine that may enable an authenticated remote attacker to retrieve service account passwords stored in the system. This vulnerability arises from improper handling of saved passwords when accessing configuration pages within the Admin portal. An attacker with either read or write access could exploit this flaw by navigating to a page containing sensitive information. Successful exploitation may lead to the unauthorized disclosure of passwords, thereby increasing the risk of further attacks on affected accounts.
Cisco has made software updates available to rectify this issue, and no effective workarounds are currently available.",Cisco,Cisco Identity Services Engine Software,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:17.507Z,0
CVE-2020-3532,https://securityvulnerability.io/vulnerability/CVE-2020-3532,Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks,"A vulnerability exists in the web-based management interface of various Cisco Unified Communications Manager products, allowing remote attackers to exploit cross-site scripting (XSS). This occurs due to insufficient validation of user-supplied input, enabling attackers to craft deceptive links that, when clicked by users, can execute arbitrary script code or access sensitive browser information within the context of the affected interfaces. Importantly, there are no available workarounds to mitigate this vulnerability, making prompt remediation and awareness crucial for affected users.",Cisco,"Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager Im And Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:09.023Z,0
CVE-2020-3538,https://securityvulnerability.io/vulnerability/CVE-2020-3538,Cisco DCNM Software Vulnerability: Path Traversal Attacks Ahead,"A security vulnerability exists in a specific REST API endpoint of Cisco Data Center Network Manager (DCNM) Software, enabling an authenticated remote attacker to conduct path traversal attacks. This issue arises from inadequate enforcement of path restrictions within the API. An attacker could exploit this flaw by sending specially crafted HTTP requests, which may allow them to overwrite or list arbitrary files on the affected device. To mitigate this threat, Cisco has provided software updates designed to resolve the vulnerability.
There are currently no alternative workarounds available to address this issue.",Cisco,Cisco Data Center Network Manager,4.6,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-18T15:53:59.243Z,0
CVE-2020-3539,https://securityvulnerability.io/vulnerability/CVE-2020-3539,Cisco DCNM Vulnerability Allows Unauthorized Access to Templates,"A vulnerability exists in the web-based management interface of Cisco Data Center Network Manager, enabling an authenticated, remote attacker to gain unauthorized access to data typically restricted to users with Administrator privileges. This flaw arises from the application's failure to appropriately restrict access to certain resources. By leveraging this vulnerability, an attacker can exploit the system through social engineering tactics, such as tricking a user into clicking a specially crafted URL. Upon successful exploitation, the attacker can conduct various unauthorized actions, including listing, viewing, creating, editing, and deleting templates, thereby masquerading as a fully privileged Administrator user. Cisco has acknowledged this vulnerability and has released software updates addressing these issues, with no viable workarounds available.",Cisco,Cisco Data Center Network Manager,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:53:49.599Z,0
CVE-2020-3548,https://securityvulnerability.io/vulnerability/CVE-2020-3548,Cisco Email Security Appliance (ESA) Vulnerability: High CPU Usage DoS Attack,"A vulnerability exists within the Transport Layer Security (TLS) implementation of Cisco AsyncOS software for the Email Security Appliance (ESA). This flaw allows an unauthenticated, remote attacker to exploit how incoming TLS traffic is processed, potentially resulting in significant CPU demand on the affected device.
By sending specifically crafted TLS packets, an attacker can induce a state of elevated CPU utilization, leading to service disruptions characterized by degraded response times and overall performance. The affected device remains operational but may experience significant delays, compromising the efficiency of email security operations. Current configurations lack effective mitigation strategies for this vulnerability.",Cisco,Cisco Secure Email,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-18T15:53:40.744Z,0
CVE-2021-1234,https://securityvulnerability.io/vulnerability/CVE-2021-1234,Cisco SD-WAN vManage Software Vulnerability,"A vulnerability exists in the cluster management interface of Cisco SD-WAN vManage Software, potentially enabling remote attackers to access sensitive information without authentication. This issue arises from the lack of proper authentication mechanisms within the cluster management interface, specifically when the software operates in cluster mode. By sending specially crafted requests, an attacker may retrieve confidential data, posing significant security risks to the affected systems. Cisco has made software updates available to rectify this issue, and it is critical to apply these updates as there are currently no effective workarounds to mitigate the risk.",Cisco,Cisco Catalyst Sd-wan Manager,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-18T15:45:40.772Z,0