CVE-2019-1620 Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...

CVE-2019-1622 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM softwar...

Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...

CVE-2019-1898

CVE-2019-1898 affects Cisco RV110W, RV130W, and RV215W routers. The issue is an information-disclosure vulnerability in the web-based management interface where improper HTTP authorization allows an unauthenticated, remote attacker to access the syslog file, exposing sensitive data. Impact is par...

CVE-2019-1874

CVE-2019-1874 affects Cisco Prime Service Catalog and is a CSRF vulnerability in the web-based management interface caused by insufficient CSRF protection. An unauthenticated, remote attacker could lure a user to a malicious link and perform arbitrary actions with the privileges of the affected u...

CVE-2019-1874 Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...

CVE-2019-1875

Cisco Prime Service Catalog’s web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient validation of user-supplied input. An authenticated, remote attacker can craft strings added to multiple configuration fields to execute arbitrary script code within the in...

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

CVE-2019-1881 Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email ECE Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because t...

CVE-2019-1823 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because t...

CVE-2019-1717 Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could...

CVE-2019-1717

Cisco CVE-2019-1717 affects the Cisco Video Surveillance Manager web-based management interface. The root cause is improper validation of parameters in the web interface, enabling an unauthenticated, remote attacker to download arbitrary files from the affected device (information disclosure). Th...

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. These vulnerabilities exist because the software improperly validates...

CVE-2019-1857

The CVE-2019-1857 entry concerns Cisco HyperFlex HX-Series, where the web-based management interface is vulnerable to CSRF due to insufficient protection. An unauthenticated, remote attacker can coerce a logged-in user to perform arbitrary actions in the interface, using the user’s browser and pr...

CVE-2019-1857 Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for...

CVE-2019-1838 Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability...

CVE-2019-1713

CVE-2019-1713 is a CSRF vulnerability in the Cisco ASA web-based management interface. It arises from insufficient CSRF protections, enabling an unauthenticated, remote attacker to coax a logged-in user into following a malicious link and perform arbitrary actions with that user’s privileges. If ...