cisco security advisories
33 threat alerts tracking vulnerabilities and security advisories that affect cisco products.
Vulnios monitors cisco CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent cisco security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-12371 — cisco — webex_meetings
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.
criticalCVE-2017-12371Critical Vulnerability: CVE-2017-12369 — cisco — webex_meetings
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote
criticalCVE-2017-12369Critical Vulnerability: CVE-2017-12370 — cisco — webex_meetings
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.
criticalCVE-2017-12370Critical Vulnerability: CVE-2017-12367 — cisco — webex_meetings_server
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A re
criticalCVE-2017-12367Critical Vulnerability: CVE-2017-12368 — cisco — webex_meetings, webex_meetings_server
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.
criticalCVE-2017-12368Critical Vulnerability: CVE-2017-12372 — cisco — webex_meetings_server, webex_meetings
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.
criticalCVE-2017-12372Critical Vulnerability: CVE-2017-12337 — cisco — emergency_responder, finesse
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorize
criticalCVE-2017-12337Critical Vulnerability: CVE-2017-12251 — cisco — cloud_services_platform_2100
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) ope
criticalCVE-2017-12251Critical Vulnerability: CVE-2017-12229 — cisco — ios_xe
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of th
criticalCVE-2017-12229Critical Vulnerability: CVE-2017-12236 — cisco — ios_xe
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass a
criticalCVE-2017-12236Critical Vulnerability: CVE-2017-12249 — cisco — meeting_server
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to
criticalCVE-2017-12249Critical Vulnerability: CVE-2017-6747 — cisco — identity_services_engine
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to imprope
criticalCVE-2017-6747Critical Vulnerability: CVE-2017-9479 — cisco — dpc3939_firmware, dpc3939
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network ac
criticalCVE-2017-9479Critical Vulnerability: CVE-2017-9483 — cisco — dpc3939_firmware, dpc3939
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor
criticalCVE-2017-9483Critical Vulnerability: CVE-2017-9482 — cisco — dpc3939_firmware, dpc3939
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by
criticalCVE-2017-9482Critical Vulnerability: CVE-2017-11588 — cisco — residential_gateway_firmware, residential_gateway
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command exec
criticalCVE-2017-11588Critical Vulnerability: CVE-2017-11589 — cisco — residential_gateway_firmware, residential_gateway
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control f
criticalCVE-2017-11589Critical Vulnerability: CVE-2017-11502 — cisco — dpc3928ad_docsis_wireless_router_firmware, dpc3928ad_docsis_wireless_router
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
criticalCVE-2017-11502Critical Vulnerability: CVE-2017-6713 — cisco — elastic_services_controller
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to
criticalCVE-2017-6713Critical Vulnerability: CVE-2017-6708 — cisco — ultra_services_framework
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files
criticalCVE-2017-6708Critical Vulnerability: CVE-2017-6714 — cisco — ultra_services_framework_staging_server
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The v
criticalCVE-2017-6714Critical Vulnerability: CVE-2017-6709 — cisco — ultra_services_framework
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (E
criticalCVE-2017-6709Critical Vulnerability: CVE-2017-6711 — cisco — ultra_services_framework
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulner
criticalCVE-2017-6711Critical Vulnerability: CVE-2017-6667 — cisco — context_service_development_kit
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on
criticalCVE-2017-6667Critical Vulnerability: CVE-2017-6639 — cisco — prime_data_center_network_manager
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information
criticalCVE-2017-6639Critical Vulnerability: CVE-2017-6640 — cisco — prime_data_center_network_manager
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account
criticalCVE-2017-6640Critical Vulnerability: CVE-2017-6622 — cisco — prime_collaboration_provisioning
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privile
criticalCVE-2017-6622Critical Vulnerability: CVE-2017-3882 — cisco — small_business_rv_router_firmware, small_business_rv_router_firmware_1.0
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or c
criticalCVE-2017-3882Critical Vulnerability: CVE-2017-3834 — cisco — aironet_access_point_firmware, aironet_1830i_access_point
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete contro
criticalCVE-2017-3834Critical Vulnerability: CVE-2017-3853 — cisco — iox
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remo
criticalCVE-2017-3853Critical Vulnerability: CVE-2017-3831 — cisco — aironet_access_point_software, aironet_1810
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full ad
criticalCVE-2017-3831Critical Vulnerability: CVE-2017-3792 — cisco — telepresence_mcu_software, telepresence_mcu_4505
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or c
criticalCVE-2017-3792Critical Vulnerability: CVE-2017-3791 — cisco — cisco_prime_home
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability i
criticalCVE-2017-3791
Track cisco exposure across your environment
Vulnios automatically cross-references your asset inventory against new cisco CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan