19065 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-9205 | Cisco IOS XR Software 拒绝服务漏洞 — Cisco IOS XR | 7.5 | - | 2016-12-14 |
| CVE-2016-9206 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communications Manager (CUCM) | 6.1 | - | 2016-12-14 |
| CVE-2016-9207 | 多款Cisco产品安全漏洞 — Cisco Expressway | 6.5 | - | 2016-12-14 |
| CVE-2016-9209 | Cisco Firepower System Software 安全漏洞 — Cisco FirePOWER | 7.5 | - | 2016-12-14 |
| CVE-2016-9210 | Cisco Unified Communications Manager 路径遍历漏洞 — Cisco Unified Reporting | 7.5 | - | 2016-12-14 |
| CVE-2016-9211 | Cisco ONS 15454 Series Multiservice Provisioning Platforms 安全漏洞 — Cisco ONS 15454 Series Multiservice Provisioning | 7.5 | - | 2016-12-14 |
| CVE-2016-9212 | Cisco Web Security Appliance 安全漏洞 — Cisco Web Security Appliance | - | - | 2016-12-14 |
| CVE-2016-9214 | Cisco Identity Services Engine 跨站脚本漏洞 — Cisco Identity Services Engine (ISE) | 6.1 | - | 2016-12-14 |
| CVE-2016-9938 | Digium Asterisk Open Source 安全漏洞 — n/a | 7.1 | - | 2016-12-12 |
| CVE-2016-6622 | phpMyAdmin 安全漏洞 — n/a | 5.9 | - | 2016-12-11 |
| CVE-2016-9860 | phpMyAdmin 输入验证漏洞 — n/a | 5.9 | - | 2016-12-11 |
| CVE-2016-9157 | Siemens SICAM PAS 安全漏洞 — Siemens SICAM PAS through V8.08 | 9.8 | - | 2016-12-05 |
| CVE-2016-5765 | 多款Micro Focus产品信息泄露漏洞 — Micro Focus MSS, RWeb, ZFE, RSG 1.x, 2.x, 12.x | 7.5 | - | 2016-11-29 |
| CVE-2016-6457 | Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure 拒绝服务漏洞 — Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) 11.2(2x) through 12.0(1x) | 6.5 | - | 2016-11-19 |
| CVE-2016-6458 | Cisco AsyncOS for Cisco Email Security Appliances 安全绕过漏洞 — Cisco AsyncOS 10.0.0-125 and 9.7.1-066 | 5.3 | - | 2016-11-19 |
| CVE-2016-6460 | Cisco Firepower System Software 安全绕过漏洞 — Cisco Firepower System Software 5.4.0.2 through 6.2.0 | 9.1 | - | 2016-11-19 |
| CVE-2016-6461 | Cisco Adaptive Security Appliance 命令注入漏洞 — Cisco Adaptive Security Appliance (ASA) 9.1(6.10) | 7.5 | - | 2016-11-19 |
| CVE-2016-6462 | Cisco AsyncOS for Cisco Email Security Appliances 远程安全绕过漏洞 — Cisco AsyncOS 9.7.1-066 through 10.0.0-125 | 5.3 | - | 2016-11-19 |
| CVE-2016-6463 | Cisco AsyncOS for Cisco Email Security Appliances 安全绕过漏洞 — Cisco AsyncOS 9.7.1-066 through 10.0.0-082 | 5.3 | - | 2016-11-19 |
| CVE-2016-6466 | Cisco ASR 5000 Series routers 拒绝服务漏洞 — Cisco StarOS 20.0.0 through 21.0.M0.64246 | 5.3 | - | 2016-11-19 |
| CVE-2016-6472 | Cisco Unified Communications Manager 跨站脚本漏洞 — Cisco Unified Communication Manager 11.5(1.2) | 6.1 | - | 2016-11-19 |
| CVE-2016-6429 | Cisco IP Interoperability and Collaboration System 跨站脚本漏洞 — Cisco IP Interoperability and Collaboration System 4.10(1) | 6.1 | - | 2016-11-03 |
| CVE-2016-6441 | Cisco ASR 900 Series 缓冲区溢出漏洞 — Cisco IOS XE 3.17 and 3.18 | 9.8 | - | 2016-11-03 |
| CVE-2016-6447 | 多款Cisco产品缓冲区溢出漏洞 — Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35 | 9.8 | - | 2016-11-03 |
| CVE-2016-6448 | Cisco Meeting Server和Acano Server 缓冲区溢出漏洞 — Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5 | 9.8 | - | 2016-11-03 |
| CVE-2016-6451 | Cisco Prime Collaboration Provisioning 跨站脚本漏洞 — Cisco Prime Collaboration Provisioning 10.6 | 6.1 | - | 2016-11-03 |
| CVE-2016-6452 | Cisco Prime Home 身份验证绕过漏洞 — Cisco Prime Home before 6.0 | 9.8 | - | 2016-11-03 |
| CVE-2016-6454 | Cisco Hosted Collaboration Mediation Fulfillment 跨站请求伪造漏洞 — Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216) | 6.5 | - | 2016-11-03 |
| CVE-2016-6455 | Cisco ASR 5500 Series routers 拒绝服务漏洞 — Cisco StarOS 18.x through 21.x | 5.3 | - | 2016-11-03 |
| CVE-2016-7965 | DokuWiki 安全漏洞 — n/a | 6.5 | - | 2016-10-31 |
Vulnerabilities classified as access:pre-auth represent 19065 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.