5226 matches found
Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service formerly CUPS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The...
Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller IMC Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected...
Cisco IOS XE Software Challenge/Response Bypass Vulnerability
A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X could allow an authenticated, local attacker with administrative privilege 15 to access the underlying Linux root shell. The vulnerability is due to...
Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrec...
Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...
Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities
Multiple vulnerabilities in the Link Layer Discovery Protocol LLDP implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service DoS condition on an affected device. These...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...
Cisco IOS XE Software ISDN Data Leak Vulnerability
A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers ISRs could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The...
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...
Cisco Integrated Management Controller Denial of Service Vulnerability
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service DoS condition. The vulnerability is due to insufficient checking of an input buffer. A...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the Server Utilities of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format ARF and Webex Recording Format WRF files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...
Cisco Firepower System Software Detection Engine Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the...
NVIDIA TX1 Boot ROM Vulnerability
On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode RCM is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected...
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...
Cisco IOS Software DHCPv6 Server Implementation Denial of Service Vulnerability
A vulnerability in the DHCP version 6 DHCPv6 server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of crafted DHCPv6 packets. An attacker could exploit this vulnerabilit...
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied...
Cisco IOS XE Software ASIC Register Write Vulnerability
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...
Cisco Integrated Management Controller Denial of Service Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could...
Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service DoS condition. The vulnerability is due to the incomplete error handli...
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
A vulnerability in Internet Key Exchange version 1 IKEv1 packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Identity Services Engine ISE Infra Admin UI could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker coul...
Multiple Vulnerabilities in Cisco TelePresence System MXP Series
Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities Three H.225 denial of service vulnerabilities Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected syste...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server httpd 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section...
Cisco Aironet Access Points FlexConnect Multicast DNS Denial of Service Vulnerability
A vulnerability in the multicast DNS mDNS gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD...
Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability
A vulnerability in a Virtualization Manager VMAN related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of...
Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate...
Cisco Integrated Management Controller Arbitrary File Write Vulnerability
A vulnerability in the configuration import utility of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advance...
Cisco HyperFlex Arbitrary Statistics Write Vulnerability
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...
Cisco Meeting Server Denial of Service Vulnerability
A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service DoS to Cisco Meetings application users who are paired with a Session Initiation Protocol SIP endpoint. The vulnerability is due to improper validation of coSpaces...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...
Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 SMB2 and SMB Version 3 SMB3 protocols if malware is detected. The...
Multiple Cisco Products OSPF LSA Manipulation Vulnerability
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First OSPF Routing Protocol Link State Advertisement LSA database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System AS domain routing table...
Cisco Advance Notification for Publication of July 1, 2026, Security Advisories
On July 1, 2026, the Cisco Product Security Incident Response Team PSIRT published the following advisories: Cisco Security Advisory CVE-ID Security Impact Rating CVSS Base Score Cisco Catalyst Center Arbitrary File Read Vulnerability...
Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an attacker to conduct a cross-site scripting XSS attack against a user of the interface. For more information about these vulnerabilities, see the Details "details" section o...
Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in Cisco Network Services Orchestrator NSO could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an...
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...
Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of error conditions when processing...
Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...
Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacke...
Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data...
Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability
A vulnerability in the CLI parser of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...