70 matches found
Cisco Identity Services Engine Sensitive Information Disclosure (cisco-sa-ise-info-exp-vdF8Jbyk)
According to its self-reported version, Cisco Identity Services Engine Sensitive Information Disclosure is affected by an information disclosure vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attack...
Cisco Identity Services Engine 3.x < 3.2P1 Arbitrary File Download (cisco-sa-ise-file-dwnld-Srcdnkd2)
According to its self-reported version, Cisco Identity Services is affected by a vulnerability in the web-based management interface. These allow an authenticated, remote attacker to download arbitrary files from the file system of an affected device. These vulnerabilities are due to insufficient...
Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack (cisco-sa-ftd-tls-bb-rCgtmY2)
A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...
Cisco IOS XE Software Rate Limiting Network Address Translation DoS (cisco-sa-ratenat-pYVLA7wM) Unpatched Commands
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Rate Limiting Network Address Translation NAT feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco...
Cisco Identity Services Engine XSS (cisco-sa-ise-xss-twLnpy3M)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting XSS vulnerability due to insufficient input validation in the External RESTful Services ERS API. An attacker could exploit this vulnerability by persuading an authenticated administrator o...
Cisco Unified Intelligence Center Log4j RCE
According to its self-reported version, Cisco Unified Intelligence Center is affected by a remote code execution vulnerability. - Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...
Cisco Firepower Threat Defense Software DoS (cisco-sa-ftd-dos-JnnJm4wB)
A vulnerability in the connection handling function in Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are...
Cisco Firepower Threat Defense Software Local Malware Analysis DoS (cisco-sa-ftd-amp-local-dos-CUfwRJXT)
A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. This vulnerability is due to insufficient error handling in the local malware...
Cisco Firepower Threat Defense Software Snort Out of Memory DoS (cisco-sa-ftd-snort-dos-hd2hFgM)
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service DoS condition on an affected device. This vulnerability is due t...
Cisco Unified Communications Products XSRF (cisco-sa-ucm-csrf-jrKP4eNT)
According to its self-reported version number, the web-based management interface of the Cisco Unified Communications Manager Unified CM and Cisco Unified CM Session Management Edition is affected by a cross-site request forgery vulnerability. An authenticated, remote attacker can exploit this...
Cisco IOS XR Software Border Gateway Protocol DoS (cisco-sa-20090818-bgp)
According to its self-reported version, Cisco IOS XR Software with BGP enabled is affected by the following vulnerabilities: - Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service process crash via a long BGP UPDATE message, as demonstrated by a message with many AS...
Cisco Adaptive Security Appliance Software Identity-Based Rule Bypass (cisco-sa-asaftd-rule-bypass-ejjOgQEY)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-hbBS7SZE)
According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service vulnerability in the DNS Application Layer Gateway ALG functionality used by Network Address Translation NAT. The vulnerability is due to a logic error that occurs when an affected device inspects...
Cisco Identity Services Engine Stored XSS (cisco-sa-ise-stored-xss-TWwjVPdL)
According to its self-reported version, Cisco Identity Services Engine is affected by multiple stored cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port DoS (cisco-sa-apic-lldap-dos-WerV9CFj)
According to its self-reported version, Cisco NX-OS Software is affected by a denial of service DoS vulnerability. The vulnerability exists in the Link Layer Discovery Protocol LLDP due to incorrect processing of LLDP on packets on an SFP interface. An unauthenticated, adjacent attacker can explo...
Cisco Firepower Threat Defense Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN WebVPN of Cisco Firepower Threat Defense FTD Software is affected by an CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to cli...
Cisco Adaptive Security Appliance Software WebVPN CRLF Injection (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn)
According to its self-reported version, the Clientless SSL VPN WebVPN of Cisco Adaptive Security Appliance ASA Software is affected by an CRLF injection vulnerability due to improper input sanitization. An unauthenticated, remote attacker can exploit this by persuading a user of the interface to...
Cisco Adaptive Security Appliance Software Bleichenbacher Attack (cisco-sa-asaftd-tls-bb-2g9uWkP)
According to its self-reported version, the TLS handler of Cisco Adaptive Security Appliance ASA Software for Cisco Firepower 1000 is affected by the Bleichenbacher attack vulnerability due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely...
Cisco Firepower Threat Defense Software TCP Flood DoS (cisco-sa-ftd-tcp-dos-GDcZDqAf)
According to its self-reported version, the packet processing functionality of Cisco Firepower Threat Defense FTD Software is affected by TCP flood denial of service vulnerability due to inefficient memory management. An unauthenticated, remote attacker can exploit this by sending a large number ...
Cisco SD-WAN vManage HTTP Authentication User Enumeration (cisco-sa-vmanage-enumeration-64eNnDKy)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an information disclosure vulnerability due to improper handling of HTTP headers. An unauthenticated, remote attacker can exploit this, via HTTP, to determine which accounts are valid user accounts. Please see th...