← Back

Cisco

cisco

6,599 CVEs • 6,224 products

Products (6,224)

Click to collapse
Toggle
Ios
ios
Ios Xe
ios_xe
Nx Os
nx_os
Ios Xr
ios_xr
Asyncos
asyncos
Asa 5500
asa_5500
Jabber
jabber

CVEs (6,599)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cisco
14Unified Videoconferencing System 3515 Multipoint Control Unit
Unified Videoconferencing System 3515 Multipoint Control Unit FirmwareUnified Videoconferencing System 3522 Basic Rate Interface Gateway+11 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unifie...Show more
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.Show less
1Cisco
14Unified Videoconferencing System 3515 Multipoint Control Unit
Unified Videoconferencing System 3515 Multipoint Control Unit FirmwareUnified Videoconferencing System 3522 Basic Rate Interface Gateway+11 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
6.4 MEDIUM· v2
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI...Show more
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.Show less
1Cisco
4Unified Videoconferencing System 5110
Unified Videoconferencing System 5110 FirmwareUnified Videoconferencing System 5115+1 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
4.9 MEDIUM· v2
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by r...Show more
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.Show less
1Cisco
4Unified Videoconferencing System 5110
Unified Videoconferencing System 5110 FirmwareUnified Videoconferencing System 5115+1 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
4.9 MEDIUM· v2
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) o...Show more
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.Show less
1Cisco
4Unified Videoconferencing System 5110
Unified Videoconferencing System 5110 FirmwareUnified Videoconferencing System 5115+1 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
10.0 HIGH· v2
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers t...Show more
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.Show less
1Cisco
14Unified Videoconferencing System 3515 Multipoint Control Unit
Unified Videoconferencing System 3515 Multipoint Control Unit FirmwareUnified Videoconferencing System 3522 Basic Rate Interface Gateway+11 more
Apr 29, 2026
Nov 22, 2010
N/A· v4
N/A· v3
8.5 HIGH· v2
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Ga...Show more
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.Show less
1Cisco
1Intelligent Contact Manager
Apr 29, 2026
Nov 9, 2010
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (...Show more
Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.Show less
1Cisco
1Unified Communications Manager
Apr 29, 2026
Nov 9, 2010
N/A· v4
N/A· v3
6.8 MEDIUM· v2
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters...Show more
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.Show less
1Cisco
7Ciscoworks Common Services
Ciscoworks Lan Management SolutionQos Policy Manager+4 more
Apr 29, 2026
Oct 29, 2010
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or...Show more
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.Show less
1Cisco
1Secure Desktop
Apr 29, 2026
Oct 14, 2010
N/A· v4
N/A· v3
2.1 LOW· v2
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable fi...Show more
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.Show less
1Cisco
1Anyconnect Ssl Vpn
Apr 29, 2026
Oct 14, 2010
N/A· v4
N/A· v3
3.3 LOW· v2
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.
1Cisco
1Ios
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessi...Show more
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.Show less
1Cisco
3Ios
Ios XeUnified Communications Manager
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su befo...Show more
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.Show less
1Cisco
3Ios
Ios XeUnified Communications Manager
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 bef...Show more
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CS...Show more
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCt...Show more
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060,...Show more
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.1 HIGH· v2
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka...Show more
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (trac...Show more
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567.Show less
1Cisco
2Ios
Ios Xe
Apr 29, 2026
Sep 23, 2010
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (devi...Show more
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759.Show less