5224 matches found
Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
...
Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities
Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive information or to restart. For more information about these...
Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024
On July 1, 2024, the Qualys Threat Research Unit TRU disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server sshd in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd, where a client does not authenticate within...
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service DDoS attack technique, was disclosed: CVE-2023-44487: HTTP/2 Rapid Reset For a description of this vulnerability, see the following publications: How it works: The novel HTTP/2...
Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability
A vulnerability in the DNS-based Authentication of Named Entities DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of error conditions when processing...
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system OS with elevated privileges or gain access to sensitive information. For more information about these...
Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability
A vulnerability in the authorization module of Cisco Content Security Management Appliance SMA Software and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not...
Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability
A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer SSL certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...
Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance ASA could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...
Cisco Security Manager XML Entity Expansion Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service DoS condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending maliciou...
Cisco IoT Field Network Director XML External Entity Vulnerability
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...
Cisco IOS XE Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerabilities exist because the affected software improperly sanitizes command...
Cisco Prime Network Services Controller Arbitrary Command Execution Vulnerability
A vulnerability in the management of local commands of Cisco Prime Network Services Controller could allow an authenticated, local attacker to perform arbitrary command execution. The vulnerability is due to insufficient validation of local commands. An attacker could exploit this vulnerability b...
Cisco IOS XE Software Challenge/Response Bypass Vulnerability
A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X could allow an authenticated, local attacker with administrative privilege 15 to access the underlying Linux root shell. The vulnerability is due to...
Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
Multiple Transport Layer Security TLS implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack. The vulnerability exists during a TLS renegotiation process. If an attacker can intercept...
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...
Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. For more information about these vulnerabilities, see the Details "details" section of th...
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
Cisco Small Business 220 Series Smart Switches Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplie...
Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the service. The vulnerability exists because the Online Hel...
Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
Cisco Umbrella Dashboard Session Expiration Issue
Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected ...
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...
Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller IMC Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected...
OpenSSH Server Vulnerabilities
...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details "details" section of this advisory...
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Issues
Cisco firmware for certain Cisco Small Business RV Series Routers is affected by the following issues: Certificate and key issued to QNO Technology Hardcoded password hashes Multiple vulnerabilities in third-party software TPS components Certificate and Key Issued to QNO Technology An X.509...
Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability
A vulnerability in the āplug-and-playā services component of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface...
Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of TCP packets...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator...
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software ASA and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...
Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability
A vulnerability in the processing of IP Service Level Agreement SLA packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service DoS condition on the affected device. The vulnerability is due ...
Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution
Multiple vulnerabilities in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerabilities exist because user input is not properly sanitized for certain commands at the CLI. An attacker cou...
Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of that portal on an...
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has...
Cisco ASA Software Version Information Disclosure Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...
Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
A vulnerability in the packaging of Cisco Adaptive Security Device Manager ASDM images and the validation of those images by Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...
Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...
Cisco SD-WAN vManage Software Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...
Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could...