CVE-2019-12638 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVE-2019-12637 Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validati...

CVE-2019-12636

Cisco CVE-2019-12636 is a CSRF vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches (250, 350, 550X series). The issue stems from insufficient CSRF protections, enabling an unauthenticated, remote attacker to trick a user into visiting a malicious...

Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...

Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker cou...

Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An...

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based managemen...

Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could explo...

CVE-2019-12695

A vulnerability in the Clientless SSL VPN WebVPN portal of Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an...

CVE-2019-12684

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

Input validation

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An...

Cross site scripting

A vulnerability in the web-based guest portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-suppli...

Sql injection

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

CVE-2019-12714 Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software improperly manages system...

CVE-2019-12689 Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An...

CVE-2019-12685

Cisco Firepower Management Center (FMC) web-based management interface contains multiple SQL injection vulnerabilities due to improper input validation. An authenticated, remote attacker could craft SQL queries to view or modify data and potentially execute commands in the underlying OS, impactin...

CVE-2019-12683 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

CVE-2019-12680 Cisco Firepower Management Center SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

CVE-2019-12631 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based guest portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-suppli...

Cisco Data Center Network Manager Information Disclosure Vulnerability

An information disclosure vulnerability exists in the web-based management interface of Cisco Data Center Network Manager DCNM due to improper access controls for certain URLs on affected DCNM software. An unauthenticated, remote attacker can exploit this, by connecting to the web-based managemen...