Cisco: Most viewed

5218 matches found

Cisco
•added 2014/04/30 4:0 p.m.•774 views

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: six Session Initiation Protocol (SIP) denial of service vulnerabilities; Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability; Cisco TelePresence TC and TE Software Input Validation Vulnerability...

CVSS 10 | AI score 8.9 | EPSS 0.94464
Exploits 86 | References 1

Cisco
•added 2021/07/07 4:0 p.m.•742 views

Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability

A vulnerability in the Cisco Adaptive Security Device Manager ASDM Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...

CVSS 7.5 | AI score 8.6 | EPSS 0.53436
Exploits 2 | References 1

Cisco
•added 2014/04/09 4:0 p.m.•709 views

Multiple Vulnerabilities in Cisco ASA Software

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA ASDM Privilege Escalation Vulnerability; Cisco ASA SSL VPN Privilege Escalation Vulnerability; Cisco ASA SSL VPN Authentication Bypass Vulnerability; Cisco ASA SIP Denial of Service Vulnerability...

CVSS 8.5 | AI score 8.4 | EPSS 0.94464
Exploits 86 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•691 views

Cisco Meraki Local Status Page Privilege Escalation Vulnerability

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...

CVSS 8.8 | AI score 2.2 | EPSS 0.00161
Exploits 0 | References 1

Cisco
•added 2018/10/19 4:0 p.m.•677 views

libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018

A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by...

CVSS 9.1 | AI score 7.4 | EPSS 0.78329
Exploits 10 | References 1

Cisco
•added 2018/10/31 7:30 p.m.•673 views

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a deni...

CVSS 8.6 | AI score 8.4 | EPSS 0.04266
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•646 views

Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection AMP for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...

CVSS 5.5 | AI score 1.5 | EPSS 0.00725
Exploits 6 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•631 views

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...

CVSS 9.8 | AI score 2.1 | EPSS 0.49633
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•627 views

Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure PI has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This...

CVSS 7.3 | AI score 2.3 | EPSS 0.89462
Exploits 5 | References 1

Cisco
•added 2018/10/24 4:0 p.m.•601 views

Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...

CVSS 7.8 | AI score 2 | EPSS 0.43344
Exploits 14 | References 1

Cisco
•added 2018/11/07 12:0 a.m.•600 views

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution...

CVSS 9.8 | AI score 9 | EPSS 0.56432
Exploits 0 | References 1

Cisco
•added 2018/11/01 3:0 p.m.•597 views

Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability

On November 1st, 2018, Armis announced the presence of a Remote Code Execution RCE or Denial of Service DoS vulnerability in the Bluetooth Low Energy BLE Stack on Texas Instruments TI chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures CVE ID of...

CVSS 8.8 | AI score 2.1 | EPSS 0.02507
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•592 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplie...

CVSS 5.4 | AI score 1.4 | EPSS 0.00171
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•588 views

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability

A vulnerability in the Stealthwatch Management Console SMC of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system...

CVSS 9.8 | AI score 2.3 | EPSS 0.01301
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•582 views

Cisco Video Surveillance Media Server Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service DoS of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of...

CVSS 4.3 | AI score 2.9 | EPSS 0.0025
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•581 views

Cisco Unity Express Arbitrary Command Execution Vulnerability

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS 9.8 | AI score 3.7 | EPSS 0.22249
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•580 views

Cisco Registered Envelope Service Information Disclosure Vulnerability

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

CVSS 5.3 | AI score 1.3 | EPSS 0.00339
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•578 views

Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance SMA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to...

CVSS 6.1 | AI score 5.6 | EPSS 0.0011
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•578 views

Cisco Prime Collaboration Assurance File Overwrite Vulnerability

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...

CVSS 6.5 | AI score 1.1 | EPSS 0.00554
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•578 views

Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advance...

CVSS 7.8 | AI score 2.2 | EPSS 0.00407
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•577 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy...

CVSS 5.3 | AI score 1.1 | EPSS 0.00339
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•567 views

Cisco Energy Management Suite XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entri...

CVSS 6.3 | AI score 1 | EPSS 0.0111
Exploits 1 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•562 views

Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System IPS rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An...

CVSS 5.8 | AI score 6.6 | EPSS 0.0061
Exploits 0 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•557 views

Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 6.3 | AI score 2.7 | EPSS 0.0013
Exploits 1 | References 1

Cisco
•added 2018/11/07 4:0 p.m.•556 views

Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Integrated Management Controller IMC Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could...

CVSS 6.5 | AI score 2.1 | EPSS 0.00658
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•548 views

Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control list ACL that is configured for an interface of an affected device. The...

CVSS 5.8 | AI score 4.8 | EPSS 0.00317
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•543 views

Multiple Cisco Unified Communications Products Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerabili...

CVSS 4.1 | AI score 1 | EPSS 0.00158
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•539 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly...

CVSS 6.5 | AI score 1.7 | EPSS 0.00112
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•537 views

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol component of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The...

CVSS 7.5 | AI score 1.4 | EPSS 0.01108
Exploits 0 | References 1

Cisco
•added 2022/02/02 4:0 p.m.•536 views

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned softwa...

CVSS 10 | AI score 8.3 | EPSS 0.89397
Exploits 10 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•533 views

Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validatio...

CVSS 4.8 | AI score 1.1 | EPSS 0.00219
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•532 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Integrated Management Controller IMC Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient restrictions on the size or...

CVSS 6.5 | AI score 1.8 | EPSS 0.00475
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•532 views

Cisco Cloud Services Platform 2100 Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 1.2 | EPSS 0.00319
Exploits 0 | References 1

Cisco
•added 2018/08/23 8:0 p.m.•531 views

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because the affected software insufficiently validates user-supplied input, allowing the use of results with no namespace value and the use of...

CVSS 9.3 | AI score 2.2 | EPSS 0.94431
Exploits 41 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•530 views

Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller WLC Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The...

CVSS 5.4 | AI score 1.4 | EPSS 0.00116
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•530 views

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...

CVSS 7.7 | AI score 1.9 | EPSS 0.00939
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•530 views

Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 4.3 | AI score 2.6 | EPSS 0.0018
Exploits 0 | References 1

Cisco
•added 2018/10/03 4:0 p.m.•529 views

Cisco Unified IP Phone 7900 Series Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 1.2 | EPSS 0.00319
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•528 views

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Precision Time Protocol PTP feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of...

CVSS 8.6 | AI score 1.8 | EPSS 0.01403
Exploits 0 | References 1

Cisco
•added 2018/03/28 4:0 p.m.•525 views

Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

Update August 20, 2025: Cisco is aware of continued exploitation activity of the vulnerability that is described in this advisory and strongly recommends that customers assess their systems and upgrade to a fixed software release as soon as possible. A vulnerability in the Smart Install feature o...

CVSS 9.8 | AI score 9.9 | EPSS 0.92901
Exploits 2 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•523 views

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 5.4 | AI score 0.8 | EPSS 0.00091
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•521 views

Cisco Wireless LAN Controller Software Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms...

CVSS 5.3 | AI score 1 | EPSS 0.00285
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•521 views

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol component of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper input validation on...

CVSS 8.6 | AI score 2 | EPSS 0.00837
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•521 views

Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...

CVSS 7.5 | AI score 2.3 | EPSS 0.00467
Exploits 0 | References 1

Cisco
•added 2018/10/29 4:0 p.m.•520 views

Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection AMP for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the...

CVSS 6.7 | AI score 1.3 | EPSS 0.00066
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•519 views

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF...

CVSS 6.5 | AI score 1.8 | EPSS 0.00225
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•518 views

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points APs Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by...

CVSS 7.4 | AI score 7.5 | EPSS 0.00256
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•518 views

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol LLDP implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition when the device unexpectedly reloads. The vulnerability is due to improper input...

CVSS 8.8 | AI score 1.8 | EPSS 0.00312
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•510 views

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied...

CVSS 6.1 | AI score 1.6 | EPSS 0.0012
Exploits 0 | References 1

Cisco
•added 2018/10/17 4:0 p.m.•508 views

Cisco Wireless LAN Controller Software Directory Traversal Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An...

CVSS 6.5 | AI score 1.7 | EPSS 0.02749
Exploits 0 | References 1

Total number of security vulnerabilities: 5000