14 matches found
CVE-2025-20257
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2021-1132 Cisco Network Services Orchestrator Path Traversal Vulnerability
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly...
PT-2022-1436 · Cisco · Cisco Tetration
Name of the Vulnerable Software and Affected Versions: Cisco Tetration affected versions not specified Description: The issue is related to insufficient input validation in the web-based management interface and API subsystem, allowing an authenticated, remote attacker to inject arbitrary command...
PT-2021-2251 · Cisco · Cisco Network Services Orchestrator
Name of the Vulnerable Software and Affected Versions: Cisco Network Services Orchestrator NSO affected versions not specified Description: A vulnerability in the API subsystem and web-management interface of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker ...
Cisco Integrated Management Controller RCE (cisco-sa-ucs-api-rce-UXwpeDHd)
According to its self-reported version, Cisco Unified Computing System E-Series Software UCSE is affected by multiple remote code execution RCE vulnerabilities in the API subsystem due to improper boundary checks for certain user-supplied input. An unauthenticated, remote attacker can exploit...
Cisco Integrated Management Controller Remote Code Execution Vulnerability
The Cisco Integrated Management Controller IMC is a baseboard management controller that provides embedded server management for Cisco UCS C-Series rackmount servers and Cisco S-Series storage servers. A remote code execution vulnerability exists in the API subsystem of the Cisco Integrated...
CVE-2020-3470
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could...
Buffer overflow
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could...
Cross site scripting
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT TURN server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TU...
CVE-2020-3197 Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability
A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT TURN server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TU...
CVE-2020-3197
The CVE-2020-3197 entry concerns Cisco Meetings App: an API subsystem vulnerability that allows an unauthenticated, remote attacker to obtain and reuse TURN server credentials by intercepting legitimate traffic due to insufficient protection of those credentials. Impact described: attacker could ...
CVE-2020-3267
A vulnerability in the API subsystem of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...
Authorization
A vulnerability in the API subsystem of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...
CVE-2019-1614 Cisco NX-OS Software NX-API Command Injection Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this...