Cisco Security Vulnerabilities (CVEs)

Track 508 security vulnerabilities affecting Cisco products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

100 Critical
241 High
167 Medium
CVE-2025-20282 10.0

This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to upload arbitrary files and execute them as root on the...

Jun 25, 2025
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers to execute arbitrary commands as root without cre...

Jun 25, 2025
CVE-2025-20234 5.3

A memory overread vulnerability in ClamAV's Universal Disk Format (UDF) processing allows unauthenticated remote attackers to cause denial of service ...

Jun 18, 2025
CVE-2025-20286 9.9

A critical vulnerability in Cisco ISE cloud deployments allows unauthenticated attackers to access shared credentials across multiple cloud environmen...

Jun 4, 2025
CVE-2025-20275 5.3

This vulnerability allows unauthenticated attackers to execute arbitrary code on Cisco Unified CCX Editor systems by exploiting insecure Java deserial...

Jun 4, 2025
CVE-2025-20278 6.0

This vulnerability allows authenticated local attackers with administrative credentials to execute arbitrary commands as root on affected Cisco Unifie...

Jun 4, 2025
CVE-2025-20163 8.7

This vulnerability allows unauthenticated remote attackers to impersonate Cisco NDFC-managed devices via SSH man-in-the-middle attacks due to insuffic...

Jun 4, 2025
CVE-2025-20129 4.3

An unauthenticated remote attacker can exploit improper HTTP request sanitization in Cisco Customer Collaboration Platform's web chat interface to red...

Jun 4, 2025
CVE-2025-20256 6.5

This vulnerability allows authenticated administrators on Cisco Secure Network Analytics Manager and Virtual Manager to execute arbitrary commands as ...

May 21, 2025
CVE-2025-20258 5.4

An unauthenticated remote attacker can inject arbitrary commands into emails sent by Cisco Duo's self-service portal due to insufficient input validat...

May 21, 2025
CVE-2025-20152 8.6

An unauthenticated remote attacker can send specially crafted RADIUS authentication requests to cause Cisco Identity Services Engine (ISE) to reload, ...

May 21, 2025
CVE-2025-20246 6.1

An unauthenticated remote attacker can exploit this cross-site scripting (XSS) vulnerability in Cisco Webex by tricking a user into clicking a malicio...

May 21, 2025
CVE-2025-20250 6.1

An unauthenticated remote attacker can exploit this cross-site scripting (XSS) vulnerability in Cisco Webex by tricking users into clicking malicious ...

May 21, 2025
CVE-2025-20113 7.1

This vulnerability allows authenticated remote attackers to elevate privileges to Administrator level for limited functions in Cisco Unified Intellige...

May 21, 2025
CVE-2025-20223 4.7

This vulnerability in Cisco Catalyst Center (formerly DNA Center) allows authenticated remote attackers to bypass access controls and read/modify data...

May 7, 2025
CVE-2025-20202 7.4

An unauthenticated attacker on the same network segment can send a malicious Cisco Discovery Protocol packet to an access point, causing the wireless ...

May 7, 2025
CVE-2025-20213 5.5

This vulnerability allows authenticated local attackers with read-only CLI access to overwrite arbitrary files on Cisco Catalyst SD-WAN Manager device...

May 7, 2025
CVE-2025-20216 4.7

This vulnerability allows unauthenticated remote attackers to inject HTML content into authenticated users' browsers via the Cisco Catalyst SD-WAN Man...

May 7, 2025
CVE-2025-20197 6.7

This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to elevate their privileges to root on ...

May 7, 2025
CVE-2025-20199 4.6

This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to escalate privileges to root on the u...

May 7, 2025
CVE-2025-20201 6.7

This vulnerability allows authenticated local attackers with privilege level 15 access on Cisco IOS XE devices to escalate privileges to root on the u...

May 7, 2025
CVE-2025-20193 6.5

This vulnerability allows authenticated low-privileged remote attackers to perform OS command injection through Cisco IOS XE's web management interfac...

May 7, 2025
CVE-2025-20195 4.3

This CSRF vulnerability in Cisco IOS XE web management interface allows unauthenticated remote attackers to trick authenticated users into executing C...

May 7, 2025
CVE-2025-20182 8.6

An unauthenticated remote attacker can cause affected Cisco network devices to crash and reload by sending specially crafted IKEv2 protocol messages. ...

May 7, 2025
CVE-2025-20187 6.5

This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated remote attackers to write arbitrary files via API requests due to improper in...

May 7, 2025
CVE-2025-20188 10.0

This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote attackers to upload arbitrary files and execute com...

May 7, 2025
CVE-2025-20190 6.5

This vulnerability in Cisco IOS XE Wireless Controller Software allows authenticated lobby ambassador users to delete arbitrary user accounts, includi...

May 7, 2025
CVE-2025-20151 4.3

This vulnerability allows authenticated SNMPv3 users to poll Cisco IOS/IOS XE devices even when their access should be denied by configuration. The fl...

May 7, 2025
CVE-2025-20154 8.6

An out-of-bounds array access vulnerability in Cisco's TWAMP server implementation allows unauthenticated remote attackers to cause device reloads (Do...

May 7, 2025
CVE-2025-20157 5.9

An improper certificate validation vulnerability in Cisco Catalyst SD-WAN Manager (formerly vManage) allows attackers to intercept Smart Licensing tra...

May 7, 2025
CVE-2025-20162 8.6

A vulnerability in Cisco IOS XE Software's DHCP snooping feature allows unauthenticated remote attackers to cause a denial of service by sending DHCP ...

May 7, 2025
CVE-2025-20181 6.8

This vulnerability allows authenticated local attackers with privilege level 15 or unauthenticated attackers with physical access to execute persisten...

May 7, 2025
CVE-2025-20122 7.8

This vulnerability allows authenticated local attackers with read-only privileges on Cisco Catalyst SD-WAN Manager to escalate to root privileges on t...

May 7, 2025
CVE-2025-20140 7.4

An unauthenticated adjacent wireless attacker can cause denial of service on Cisco IOS XE WLCs by sending crafted IPv6 packets that trigger memory exh...

May 7, 2025
CVE-2025-32433 10.0

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated remote code execution. Attackers can exploit a flaw...

Apr 16, 2025
CVE-2025-20236 8.8

A vulnerability in Cisco Webex App's URL parser allows unauthenticated remote attackers to trick users into downloading malicious files via crafted me...

Apr 16, 2025
CVE-2025-20150 5.3

An unauthenticated remote attacker can enumerate valid LDAP usernames on vulnerable Cisco Nexus Dashboard systems by sending authentication requests. ...

Apr 16, 2025
CVE-2025-20139 7.5

An unauthenticated remote attacker can send specially crafted chat messages to Cisco Enterprise Chat and Email (ECE) to trigger a denial of service co...

Apr 2, 2025
CVE-2025-20120 6.1

An unauthenticated remote attacker can inject malicious scripts into Cisco EPNM and Prime Infrastructure web interfaces, which then execute in victims...

Apr 2, 2025
CVE-2025-20145 5.8

This vulnerability allows unauthenticated remote attackers to bypass egress ACLs on Cisco IOS XR devices when traffic flows between different line car...

Mar 12, 2025
CVE-2025-20146 8.6

An unauthenticated remote attacker can cause denial of service on affected Cisco routers by sending crafted IPv4 multicast packets to line cards with ...

Mar 12, 2025
CVE-2025-20177 6.7

This vulnerability allows authenticated local attackers with root-system privileges on Cisco IOS XR devices to bypass image signature verification dur...

Mar 12, 2025
CVE-2025-20209 7.5

An unauthenticated remote attacker can send malformed IKEv2 packets to Cisco IOS XR devices, causing them to stop processing all control plane UDP pac...

Mar 12, 2025
CVE-2025-20115 8.6

A memory corruption vulnerability in Cisco IOS XR's BGP confederation implementation allows unauthenticated remote attackers to cause denial of servic...

Mar 12, 2025
CVE-2025-20138 8.8

This vulnerability in Cisco IOS XR Software allows an authenticated, low-privileged local attacker to execute arbitrary commands as root on the underl...

Mar 12, 2025
CVE-2025-20141 7.4

An unauthenticated adjacent attacker can send specially crafted packets to Cisco IOS XR devices, causing control plane traffic to stop working. This a...

Mar 12, 2025
CVE-2025-20142 8.6

This vulnerability in Cisco IOS XR Software allows unauthenticated remote attackers to cause line card resets by sending crafted IPv4 packets to inter...

Mar 12, 2025
CVE-2025-20143 6.7

This vulnerability allows authenticated local attackers with root-system privileges on Cisco IOS XR devices to bypass Secure Boot integrity checks and...

Mar 12, 2025
CVE-2025-20206 7.1

This vulnerability allows authenticated local attackers on Windows systems with Cisco Secure Client and Secure Firewall Posture Engine installed to pe...

Mar 5, 2025
CVE-2025-20208 4.6

A cross-site scripting (XSS) vulnerability in Cisco TelePresence Management Suite (TMS) web interface allows low-privileged remote attackers to inject...

Mar 5, 2025

Why Monitor Cisco Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 508+ known vulnerabilities affecting Cisco products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Cisco packages in under 60 seconds. No agents required - completely agentless scanning that works across Cisco deployments.

Free vulnerability database: Access detailed information about every Cisco CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Cisco CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions