CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-3452	High	94.5%	CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)	Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.	Nov 3, 2021	KEV
CVE-2021-1497	High 9.8	94.4%	CiscoHyperFlex HX	Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.	Nov 3, 2021	KEVExploit
CVE-2018-0171	High	93.0%	CiscoIOS and IOS XE	Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.	Nov 3, 2021	KEV
CVE-2019-1653	High	94.4%	CiscoSmall Business RV320 and RV325 Routers	Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.	Nov 3, 2021	KEV
CVE-2018-0296	High	94.4%	CiscoAdaptive Security Appliance (ASA)	Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.	Nov 3, 2021	KEV
CVE-2021-1498	High	94.2%	CiscoHyperFlex HX	Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.	Nov 3, 2021	KEV
CVE-2020-3569	High	5.6%	CiscoIOS XR	Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.	Nov 3, 2021	KEV
CVE-2020-3566	High	5.1%	CiscoIOS XR	Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.	Nov 3, 2021	KEV

CVE-2020-3452KEV

High

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

CiscoEPSS 94.5%

CVE-2021-1497KEV

High

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

CiscoCVSS 9.8EPSS 94.4%

Exploit

CVE-2018-0171KEV

High

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.

CiscoEPSS 93.0%

CVE-2019-1653KEV

High

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

CiscoEPSS 94.4%

CVE-2018-0296KEV

High

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

CiscoEPSS 94.4%

CVE-2021-1498KEV

High

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.

CiscoEPSS 94.2%

CVE-2020-3569KEV

High

Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

1 2 3 4 5