5226 matches found
Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of that portal on an...
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has...
Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
On December 3, 2015, the OpenSSL Project released a security advisory detailing five vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS...
Cisco ASA Software Version Information Disclosure Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...
Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
A vulnerability in the packaging of Cisco Adaptive Security Device Manager ASDM images and the validation of those images by Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...
Cisco SD-WAN vManage Software Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For...
Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is return...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...
Cisco Firepower Threat Defense Software Information Disclosure Vulnerability
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model–based DOM-based cross-site scripting XSS attack against a user of the web-based management interface of an...
Cisco Firepower Management Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based DOM-based, stored cross-site scripting XSS attack against a us...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
A vulnerability in the authentication, authorization, and accounting AAA implementation of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...
Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities
A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...
Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...
Cisco Small Business RV Series Routers Vulnerabilities
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability
A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service DoS vulnerability. This...
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database...
Cisco SD-WAN vManage SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...
Cisco Webex Teams Logging Feature Command Execution Vulnerability
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...
Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability
A vulnerability in the Multiprotocol Label Switching MPLS Operations, Administration, and Maintenance OAM implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service DoS condition o...
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers...
Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted request...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Firepower System Software SSL Denial of Service Vulnerability
A vulnerability in the detection engine parsing of Security Socket Layer SSL protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to the Snort process unexpectedly restarting. The vulnerability is due t...
Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 DHCPv4 packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service DoS condition. The vulnerability is due to an unknown...
Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability
A vulnerability in the Unicast Reverse Path Forwarding uRPF feature in the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to bypass the uRPF validation checks. The vulnerability is due to incorrect uRPF validation where IP packets from an outside interface,...
Cisco Firepower Management Center Software SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
On September 27, 2022, the following vulnerabilities affecting Cisco products were disclosed by Cert/CC as part of VU855201, titled L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers "https://kb.cert.org/vuls/id/855201": CVE-2021-27853: Layer 2 network filteri...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted ...
Cisco SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the web-based management interface of an...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...
Cisco Managed Services Accelerator Open Redirect Vulnerability
A vulnerability in the web interface of Cisco Managed Services Accelerator MSX could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this...
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the Intelligent Platform Management Interface IPMI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system OS. The vulnerability is due to...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...
Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...
Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability
A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient...
Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Cisco MATE Collector Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...
Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service DoS condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI...