← Back

Cisco

cisco

6,602 CVEs • 6,224 products

Products (6,224)

Click to collapse
Toggle
Ios
ios
Ios Xe
ios_xe
Nx Os
nx_os
Ios Xr
ios_xr
Asyncos
asyncos
Asa 5500
asa_5500
Jabber
jabber

CVEs (6,602)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cisco
4Sa500 Software
Sa520Sa520w+1 more
Apr 29, 2026
Jul 28, 2011
N/A· v4
N/A· v3
9.0 HIGH· v2
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CS...Show more
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.Show less
1Cisco
4Sa500 Software
Sa520Sa520w+1 more
Apr 29, 2026
Jul 28, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors,...Show more
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.Show less
1Cisco
2Content Services Gateway Second Generation
Ios
Apr 29, 2026
Jul 11, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.
1Cisco
1Vpn Client
Apr 29, 2026
Jul 7, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file w...Show more
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.Show less
1Cisco
1Ios
Apr 29, 2026
Jun 9, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router...Show more
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message.Show less
1Cisco
1Anyconnect Secure Mobility Client
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
7.2 HIGH· v2
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecifi...Show more
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.Show less
1Cisco
1Cns Network Registrar
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
10.0 HIGH· v2
Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.
1Cisco
15Skinny Client Control Protocol Software
Unified Ip Phone 7906Unified Ip Phone 7911g+12 more
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
1.5 LOW· v2
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn659...Show more
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.Show less
1Cisco
2Media Experience Engine 5600
Media Processing Software
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
10.0 HIGH· v2
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2)...Show more
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.Show less
1Cisco
15Skinny Client Control Protocol Software
Unified Ip Phone 7906Unified Ip Phone 7911g+12 more
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
6.6 MEDIUM· v2
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.
1Cisco
15Skinny Client Control Protocol Software
Unified Ip Phone 7906Unified Ip Phone 7911g+12 more
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
6.6 MEDIUM· v2
The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.
1Cisco
1Anyconnect Secure Mobility Client
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
9.3 HIGH· v2
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) w...Show more
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.Show less
1Cisco
1Anyconnect Secure Mobility Client
Apr 29, 2026
Jun 2, 2011
N/A· v4
N/A· v3
7.6 HIGH· v2
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifyin...Show more
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.Show less
1Cisco
1Ios Xr
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID C...Show more
Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.Show less
1Cisco
2Content Delivery System
Content Delivery System Engine
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, a...Show more
The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341.Show less
1Cisco
4Rvs4000
Rvs4000 SoftwareWrvs4400n+1 more
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote att...Show more
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.Show less
1Cisco
4Rvs4000
Rvs4000 SoftwareWrvs4400n+1 more
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
9.0 HIGH· v2
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote aut...Show more
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.Show less
1Cisco
4Rvs4000
Rvs4000 SoftwareWrvs4400n+1 more
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
9.3 HIGH· v2
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote att...Show more
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.Show less
1Cisco
1Ios Xr
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 conne...Show more
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.Show less
1Cisco
1Ios Xr
Apr 29, 2026
May 31, 2011
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.