← Back

Cisco

cisco

6,592 CVEs • 6,223 products

Products (6,223)

Click to collapse
Toggle
Ios
ios
Ios Xe
ios_xe
Nx Os
nx_os
Ios Xr
ios_xr
Asyncos
asyncos
Asa 5500
asa_5500
Jabber
jabber

CVEs (6,592)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cisco
1Webex Recording Format Player
Apr 29, 2026
Oct 25, 2012
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft...Show more
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.Show less
1Cisco
1Webex Recording Format Player
Apr 29, 2026
Oct 25, 2012
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.
1Cisco
1Webex Recording Format Player
Apr 29, 2026
Oct 25, 2012
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.
1Cisco
1Webex Recording Format Player
Apr 29, 2026
Oct 25, 2012
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows...Show more
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.Show less
1Cisco
1Ios Xe
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.1 HIGH· v2
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger...Show more
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
1Cisco
210008 Router
Ios
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) I...Show more
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtr46123.
1Cisco
1Ios
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.
1Cisco
3Ios
Ios XeIos Xr
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.1 HIGH· v2
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship an...Show more
The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.1 HIGH· v2
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of ser...Show more
The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.Show less
1Cisco
3Ios
Ios XeUnified Communications Manager
Apr 29, 2026
Sep 27, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3....Show more
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.Show less
1Cisco
1Secure Desktop
Apr 29, 2026
Sep 24, 2012
N/A· v4
N/A· v3
9.3 HIGH· v2
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving...Show more
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
3.5 LOW· v2
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash...Show more
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
3.5 LOW· v2
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of serv...Show more
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.Show less
1Cisco
1Application Control Engine Module
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorre...Show more
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879.Show less
1Cisco
1Ios
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
1Cisco
2Identity Services Engine
Identity Services Engine Software
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulat...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.Show less
1Cisco
6Intrusion Prevention System
Ips 4240Ips 4250 Sx+3 more
Apr 29, 2026
Sep 16, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96...Show more
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.Show less