Information Disclosure in the PAN-OS Management Web Interface

A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service formerly CUPS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...

Session fixation

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...

CVE-2018-0363

CVE-2018-0363 affects Cisco Unified Communications Manager IM & Presence Service (CUCM/IM & Presence). The issue is a CSRF vulnerability due to insufficient protections in the web-based management interface, allowing an unauthenticated remote attacker to convince a user to click a crafted link an...

CVE-2018-0365

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVE-2018-0364

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...

CVE-2018-0359

Cisco Meeting Server web-based management interface is affected by a Session Fixation vulnerability (CVE-2018-0359). Root cause: the app does not refresh the session identifier upon user authentication, enabling a local attacker to hijack an authenticated user’s browser session via a hijacked ses...

Cisco Meeting Server Session Fixation Vulnerability

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier. The vulnerability exists because the affected application does not assign...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...

CVE-2018-0259

The CVE-2018-0259 issue affects Cisco MATE Collector’s web-based management interface, arising from inadequate CSRF protections. An unauthenticated, remote attacker could induce a logged-in user to click a malicious link, enabling the attacker to perform arbitrary actions on the device via the us...

CVE-2018-0259

A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unified Computing System UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Cross site scripting

A vulnerability in the web-based management interface of the cloud based Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is...

CVE-2018-0210

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVE-2018-0212

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVE-2018-0208

A vulnerability in the web-based management interface of the cloud based Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is...