← Back

Cisco

cisco

6,602 CVEs • 6,224 products

Products (6,224)

Click to collapse
Toggle
Ios
ios
Ios Xe
ios_xe
Nx Os
nx_os
Ios Xr
ios_xr
Asyncos
asyncos
Asa 5500
asa_5500
Jabber
jabber

CVEs (6,602)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cisco
18Spa2102 Phone Adapter With Router
Spa2102 Phone Adapter With Router FirmwareSpa3102 Voice Gateway With Router+15 more
Apr 29, 2026
Jun 13, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to i...Show more
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.Show less
1Cisco
3Asr 9000 Rsp440 Router
Crs Performance Route ProcessorIos Xr
Apr 29, 2026
May 31, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
1Cisco
2Unified Ip Phone
Unified Ip Phone Firmware
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
4.6 MEDIUM· v2
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected dat...Show more
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.Show less
1Cisco
1Ios
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
6.1 MEDIUM· v2
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Ap...Show more
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.Show less
1Cisco
1Ios
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
7.1 HIGH· v2
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534.
1Cisco
25500 Series Adaptive Security Appliance
Adaptive Security Appliance Software
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections...Show more
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854.Show less
1Cisco
1Unified Communications Manager
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID...Show more
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.Show less
1Cisco
1Ciscoworks Common Services
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and condu...Show more
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.Show less
1Cisco
1Unified Meetingplace
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a seri...Show more
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
6.3 MEDIUM· v2
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified...Show more
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.Show less
1Cisco
12Nexus 2148t Fex Switch
Nexus 2224tp Fex SwitchNexus 2232pp Fex Switch+9 more
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
7.8 HIGH· v2
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
1Cisco
1Intrusion Prevention System
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configure...Show more
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.Show less
1Cisco
2Ios
Unified Communications Manager
Apr 29, 2026
May 3, 2012
N/A· v4
N/A· v3
5.4 MEDIUM· v2
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIB...Show more
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.Show less
1Cisco
1Ios
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumst...Show more
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.Show less
1Cisco
1Ip Communicator
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of serv...Show more
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315.Show less
1Cisco
1Ios
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses v...Show more
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.Show less
1Cisco
1Ios
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via...Show more
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.Show less
1Cisco
1Unified Meetingplace
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
1Cisco
25500 Series Adaptive Security Appliance
Adaptive Security Appliance Software
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain s...Show more
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746.Show less
1Cisco
2Small Business Ip Phone
Small Business Ip Phone Firmware
Apr 29, 2026
May 2, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSC...Show more
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.Show less