70 matches found
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability
Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this...
Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability
A vulnerability in the Common Open Policy Service COPS engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient input...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability
A vulnerability in the Open Shortest Path First OSPF implementation in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Cisco IOS XE Software Web UI Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details "details" section of this...
Power-Response Path Traversal Vulnerability
Power-Response is a modular PowerShell framework for event response . A path traversal vulnerability exists in versions of Power-Response prior to 2019-02-02, which can be exploited by an attacker to access locations outside of a restricted directory...
Cisco NX-OS Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service DoS condition on an affected device. The vulnerability is due to improper input validation when handling...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability exists because the affected software insufficiently validates...
Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...
Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the processing of IPv4 packets that require Network Address Translation NAT and Multiprotocol Label Switching MPLS services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allo...
Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol RSVP in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service DoS...