5226 matches found
Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...
Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
A vulnerability in the Secure Shell SSH server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which...
Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol implementation of Cisco Aironet and Catalyst 9100 Access Points APs could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service DoS...
Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplie...
Cisco Jabber Client Framework for Mac Code Execution Vulnerability
A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected devi...
Cisco Security Manager XML Entity Expansion Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service DoS condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending maliciou...
Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the service. The vulnerability exists because the Online Hel...
Cisco HyperFlex Software Unauthenticated Root Access Vulnerability
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the...
Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability
A vulnerability in field-programmable gate array FPGA ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module PID: FPR9K-DNM-2X100G could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition...
Cisco Umbrella API Unauthorized Access Vulnerability
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...
Cisco 550X Series Stackable Managed Switches SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service DoS condition. The device n...
Cisco WebEx Browser Extension Remote Code Execution Vulnerability
A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers...
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
A vulnerability in the command-line interface CLI of Cisco Unified Communications Manager Cisco UCM could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to incomplete input validation. An attacker could exploit this vulnerability by issuin...
Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
...
Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
On July 1, 2024, the Qualys Threat Research Unit TRU disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server sshd in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within...
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service DDoS attack technique, was disclosed: CVE-2023-44487: HTTP/2 Rapid Reset For a description of this vulnerability, see the following publications: How it works: The novel HTTP/2...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability
A vulnerability in the authorization module of Cisco Content Security Management Appliance SMA Software and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not...
Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability
A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer SSL certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance ASA could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...
Cisco IoT Field Network Director XML External Entity Vulnerability
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...
Cisco IOS XE Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerabilities exist because the affected software improperly sanitizes command...
Cisco Prime Network Services Controller Arbitrary Command Execution Vulnerability
A vulnerability in the management of local commands of Cisco Prime Network Services Controller could allow an authenticated, local attacker to perform arbitrary command execution. The vulnerability is due to insufficient validation of local commands. An attacker could exploit this vulnerability b...
Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
Multiple Transport Layer Security TLS implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. The vulnerability exists during a TLS renegotiation process. If an attacker can intercept...
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. For more information about these vulnerabilities, see the Details "details" section of th...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...
Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
Cisco Small Business 220 Series Smart Switches Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of...
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The...
Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of that portal on an...
Cisco Umbrella Dashboard Session Expiration Issue
Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected ...
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has...
OpenSSH Server Vulnerabilities
...
Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
A vulnerability in the packaging of Cisco Adaptive Security Device Manager ASDM images and the validation of those images by Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details "details" section of this advisory...
Cisco Security Manager Path Traversal Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to and modify sensitive information on the affected device. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An...
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Issues
Cisco firmware for certain Cisco Small Business RV Series Routers is affected by the following issues: Certificate and key issued to QNO Technology Hardcoded password hashes Multiple vulnerabilities in third-party software TPS components Certificate and Key Issued to QNO Technology An X.509...
Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface...
Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of TCP packets...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator...
Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software ASA and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...