EUVD-2018-1021
Malware in sbrugna...
Cisco Unified IP Phone Software Denial of Service (CVE-2018-0332)
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
Cisco NX-OS Software Python Parser Escape (CVE-2017-12301)
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service (CVE-2018-0372)
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affect...
Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution (CVE-2018-0302)
A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could...
Cisco NX-OS Software Border Gateway Protocol Denial of Service (CVE-2018-0295)
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...
Cisco NX-OS Software CLI Arbitrary Command Injection (CVE-2018-0307)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
Cisco NX-OS Software Role-Based Access Control Elevated Privileges (CVE-2018-0293)
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service (CVE-2018-0298)
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...
Cisco Integrated Management Controller Authorization Bypass (cisco-sa-cimc-auth-zWkppJxL)
According to its self-reported version, Cisco Unified Computing System Management Software is affected by an authorization bypass vulnerability due to improper authorization checks on API endpoints. An authenticated, remote attacker can exploit this issue by sending malicious requests to an API...
Cisco Small Business RV Series RCE (cisco-sa-rv-rce-m4FEEGWX)
According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a remote command execution (RCE) vulnerability due to improper validation of user data. An authenticated remote attacker can exploit this, via HTTP requests, to execute arbitrary code with high...
Cisco Firepower Threat Defense (FTD) Software Command Injection Vulnerability (cisco-sa-20200226-fxos-ucs-cli-cmdinj)
According to its self-reported version, Cisco FTD Software is affected by a command injection vulnerability within the local management (local-mgmt) CLI of Cisco FTD Software due to insufficient input validation. An authenticated, local attacker can exploit this to execute arbitrary commands on the...
Cisco Webex Centers CVE-2020-3116 Denial of Service Vulnerability
Description Cisco Webex Centers is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvr16379, CSCvr16383 and CSCvr16386. Technologies Affected Cisco WebEx Event Center Cisco WebEx...
Cisco Data Center Network Manager Multiple SQL Injection Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data or...
Cisco Data Center Network Manager Multiple Authentication Bypass Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. These issues are bei...
Cisco Data Center Network Manager Multiple Directory Traversal Vulnerabilities
Description Cisco Data Center Network Manager is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences '../' to retrieve arbitrary files from th...
Cisco Data Center Network Manager XML External Entity Information Disclosure Vulnerability
Description Cisco Data Center Network Manager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug IDs CSCvr79188, CSCvr88730 and CSCvr88737. Cisco...
Cisco Webex Centers CVE-2019-15987 Information Disclosure Vulnerability
Description Cisco Webex Centers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvq81213 and CSCvq81230. Cisco Webex Event Center, Cisco Webex...
Cisco IOS Improper Input Validation
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS)...
Cisco Small Business RV Series Routers CVE-2019-15957 Remote Command Injection Vulnerability
Description Cisco Small Business RV Series Routers are prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug IDs...