Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secur...

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language SAML Single Sign-On SSO library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application. For a description of thi...

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability

A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer SSL certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied...

Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a denial of service DoS attack against an affected system. The vulnerability is due to insufficient validation of user-provided input...

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability

A vulnerability in the process of uploading new application images to the Cisco Firepower 4100 Series Next-Generation Firewall NGFW and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an...

Cisco WebEx Connect IM Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell...

Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is...

Cisco Identity Services Engine GUI Denial of Service Vulnerability

A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The...

Cisco Prime Infrastructure API Credentials Management Vulnerability

A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control RBAC for...

Cisco Wireless Residential Gateway Information Disclosure Vulnerability

A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is caused by improper access restrictions implemented on the affected...

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability

A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...

Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device...