5226 matches found
Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the Intelligent Platform Management Interface IPMI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system OS. The vulnerability is due to...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...
Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...
Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Cisco MATE Collector Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...
Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service DoS condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI...
Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...
Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability b...
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface CLI command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...
SNMP Version 3 Authentication Vulnerabilities
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 SNMPv3 feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...
Cisco SD-WAN vManage Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An...
Cisco SD-WAN vManage Software Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details...
Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking CSWSH attack and cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient HTTP protections in...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition of a...
Cisco Smart Software Manager Satellite SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...
Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The...
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
Multiple vulnerabilities in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. These vulnerabilities are due to a parsing issue on DNS packets. An attacker...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability
A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service DoS condition. The vulnerability is due ...
Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability
A vulnerability in the web-based user interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to have read access to confidential information stored in the affected system. In addition, the attacker could cause a partial denial of service DoS condition due to...
Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
A vulnerability in the Network Time Protocol NTP daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system. The vulnerability is due to incorrect validation of the message authentication code MAC field. An attacker could exploit thi...
Multiple Vulnerabilities in Cisco PIX and Cisco ASA
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
SSH Malformed Packet Vulnerabilities
...
Cisco Identity Services Engine Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an attacker to upload arbitrary files or disable Cisco Discovery Protocol CDP processing on an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco ha...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. This vulnerability is due to...
Cisco Business Process Automation Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation BPA could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...
Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in...
Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details...
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details "details" section of this...
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence...
Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...
Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability
A vulnerability in the data acquisition DAQ component of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service DoS condition. The vulnerability exists because the affected software...
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, loca...
Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol RSVP in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service DoS...
Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability
A vulnerability in the Voice Telephony Service Provider VTSP service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial...
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
A vulnerability in the VXLAN Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability
February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software...
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability
A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service DoS condition. The...
Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...
Cisco StarOS Denial of Service Vulnerability
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service DoS condition. The vulnerability is due to a logic error that may occur under specific...
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...
Cisco DNA Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability
Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service DoS condition on an affected device. The attack vector is configuration dependent and...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the Intelligent Platform Management Interface IPMI implementation of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the...
Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of...