522 matches found
Cisco UCS 6300 Series Fabric Interconnects SNMP DoS (cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO)
A vulnerability in the Simple Network Management Protocol SNMP service of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the improper handling of specific SNMP...
Cisco APIC Unauthorized Policy Actions (cisco-sa-apic-uapa-F4TAShk)
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...
Cisco Nexus 3000 9000 Series Switches SFTP Server File Access (cisco-sa-nxos-sftp-xVAp5Hfd)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Credential Information Disclosure Vulnerability(cisco-sa-ise-credentials-tkTO3h3)
According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the imprope...
Cisco Identity Services Engine Command Injection Vulnerabilities (cisco-sa-adeos-MLAyEcvk)
According to its self-reported version, Cisco Identity Services Engine is affected by multiple command injection vulnerabilities: - A vulnerability in the restricted shell of Cisco ISE could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the...
Cisco SD-WAN vManage Unauthenticated REST API Access (cisco-sa-vmanage-unauthapi-sphCLYPA)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited...
Cisco Firepower Threat Defense Software SNMP DoS (cisco-sa-asaftd-snmp-dos-qsqBNM6x)
According to its self-reported version, Cisco ASA Software is affected by a denial of service DoS vulnerability in the Simple Network Management Protocol SNMP feature of Cisco Firepower Threat Defense Software. Due to insufficient input validation, an authenticated, remote attacker could exploit...
Cisco Expressway Series / Cisco TelePresence VCS 14.x < 14.3.0 Privilege Escalation (cisco-sa-expressway-priv-esc-Ls2B9t7b)
The Cisco Expressway Series or Cisco TelePresence Video Communication Server VCS running on the remote host is 14.x prior to 14.3.0. It is, therefore, affected by a privilege escalation vulnerability as described in the cisco-sa-expressway-priv-esc-Ls2B9t7b advisory. Due to an incorrect...
Upgraded Q -> 2 from #327 [1686724891862]
Judge has assessed an item in Issue 327 as 2 risk. The relevant finding follows: L-04 addBid does not increment the endBlock of the auction when it is close to the end, preventing the protocol from capturing extra value When an Auction is created, it sets a lotItem.endBlock. This value remains...
Cisco Identity Services Engine Path Traversal Vulnerability (cisco-sa-ise-traversal-ZTUgMYhu) (CSCwd07350)
According to its self-reported version, Cisco Identity Services Engine Path Traversal Vulnerabilities is affected by a path traversal vulnerability. A vulnerability in the CLI of Cisco ISE could allow an authenticated, local attacker to perform a path traversal attack to escape the restricted she...
Cisco IOS XE Software Fragmented Tunnel Protocol Packet DoS (cisco-sa-ios-gre-crash-p6nE5Sq5)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco Identity Services Engine Command Injection Vulnerabilities (cisco-sa-ise-injection-2XbOg9Dg)
According to its self-reported version, Cisco Identity Services Engine is affected by multiple command injection vulnerabilities. Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks ...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution (cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD)
According to its self-reported version, the Cisco Small Business Router is by a vulnerability. A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary...
Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers XSS Vulnerabilities (cisco-sa-rv-stored-xss-vqz7gC8W)
According to its self-reported version, Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities is affected by multiple vulnerabilities: - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042,...
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities (cisco-sa-sb-rv32x-cmdinject-cKQsZpxL)
According to its self-reported version, Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers are affected by multiple command injection vulnerabilities. Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers...
Cisco Adaptive Security Appliance Software Low Entropy Keys (cisco-sa-asa5500x-entropy-6v9bHVYP)
A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG in Cisco Adaptive Security Appliance ASA Software for Cisco ASA 5506-X, ASA-5508-X and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic...
Cisco Firepower Threat Defense Software Low Entropy Keys (cisco-sa-asa5500x-entropy-6v9bHVYP)
A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG in Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA-5508-X and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic...
Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-priv-esc-sABD8hcU)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to...
Cisco UCS Fabric Interconnects Command Injection (cisco-sa-nxfp-cmdinj-XXBZjtR)
According to its self-reported version, Cisco Unified Computing System UCS Fabric Interconnect is affected by a command injection vulnerability. Due to insufficient input validation of commands supplied by the user, an authenticated attacker can execute unauthorized commands within the CLI. On...
Cisco Email Security Appliance PrivEsc (cisco-sa-esa-sma-privesc-9DVkFpJ8)
According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the web UI and CLI of Cisco ESA could allow an authenticated, remote attacker web UI or authenticated, local attacker CLI to elevate privileges to root. The attacker must have valid user...