8 matches found
Cross site scripting
The Zone-Based Firewall ZBFW functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these...
Design/Logic Flaw
Cisco Identity Services Engine ISE before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926...
CVE-2015-6317
Cisco Identity Services Engine (ISE) versions prior to 2.0 are vulnerable to an unauthorized access flaw where a low-privileged, authenticated user can bypass web-resource access restrictions by requesting resources directly. The root cause is improper filtering of web resources for administrativ...
CVE-2015-0694
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806...
Design/Logic Flaw
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806...
CVE-2015-0694
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806...
Authentication flaw
Cisco Adaptive Security Appliance ASA Software 9.2.3 and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID...
CVE-2014-8023
Cisco Adaptive Security Appliance ASA Software 9.2.3 and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID...