Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability

A vulnerability in the Media Snapshot code of Cisco TelePresence Multipoint Switch CTMS could allow an authenticated, remote attacker to cause the reload of the affected system, creating a denial of service DoS condition. The vulnerability is due to a failure in handling requests for Media Snapsh...

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

Cisco Unified Computing System Arbitrary Command Execution Vulnerability

A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in Smart Call Home functionality in the fabric interconnect FI of Cisco Unified Computing System could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to a buffer overflow in the Smart Call Home function. An attacker...

Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability

A vulnerability in the Baseboard Management Controller BMC of Cisco Unified Computing System could allow an authenticated, remote attacker to access services with elevated privileges. The vulnerability is due to improper filtering of SSH escape sequences. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the initial configuration...

Cisco Unified Computing System Baseboard Management Controller Arbitrary Command Execution Vulnerability

A vulnerability in the fabric interconnect FI of Cisco Unified Computing System could allow an authenticated, local attacker to execute arbitrary commands on the Baseboard Management Controller BMC with elevated privileges. The vulnerability is due to improper input validation in the MCTOOLS...

Cisco Unified Computing System Blade Management Controller Information Disclosure Vulnerability

A vulnerability in the Intelligent Platform Management Interface IPMI of the Cisco Unified Computing System Blade Management Controller could allow an unauthenticated, remote attacker to discover valid usernames. The vulnerability is due to a requirement defined in the IPMI specification. An...

Oil, Energy Watering Hole Attacks Linked to DOL attack

A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website. Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants...

Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability

A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...

Cisco NX-OS Software BGP Regex Vulnerability

A vulnerability in the Border Gateway Protocol BGP code of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to an issue with the regex engine used when processing complex regular expressions. An attacker could...

Cisco Open Network Environment Platform Unvalidated Pointer Vulnerability

A vulnerability in the Open Network Environment Platform ONEP could allow an authenticated, remote attacker to cause the network element to reload. The vulnerability is due to insufficient pointer validation. An attacker could exploit this vulnerability by sending a crafted packet to an ONEP...

Cisco Unified MeetingPlace Application Server Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified MeetingPlace Application Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation ...

Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco Unified MeetingPlace Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could...

Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerability

A vulnerability in the diagnostic module of the Cisco Virtualization Experience Client 6000 Series could allow an authenticated, non-privileged, local attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to lack of input validation in the diagnostic...

Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability

A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

Multiple Cisco Products Common Services ActiveMQ Denial of Service Vulnerability

A vulnerability in the integration of the ActiveMQ component used in products based on Common Services could allow an unauthenticated, remote attacker to consume available memory and cause a denial of service DoS condition. The vulnerability is due to improper handling of multiple TCP requests...

Cisco Jabber for Windows Certificate Validation Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer SSL. An attacker could exploit this...

Cisco Mobility Services Engine Anonymous Login Vulnerability

A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer SSL. The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this...