Cisco: Most viewed

5224 matches found

Cisco
added 2021/04/07 4:00 p.m., 64 views

Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...

CVSS 4.3, AI score 4.4, EPSS 0.00615
Exploits: 0, References: 1

Cisco
added 2021/03/24 4:00 p.m., 64 views

Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...

CVSS 6.7, AI score 6.5, EPSS 0.00308
Exploits: 0, References: 1

Cisco
added 2021/03/24 4:00 p.m., 64 views

Cisco IOx Application Environment Path Traversal Vulnerability

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

CVSS 6.5, AI score 6.7, EPSS 0.02671
Exploits: 1, References: 1

Cisco
added 2021/03/24 4:00 p.m., 64 views

Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...

CVSS 7.3, AI score 7.3, EPSS 0.0034
Exploits: 0, References: 1

Cisco
added 2021/01/20 4:00 p.m., 64 views

Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...

CVSS 7.8, AI score 7.5, EPSS 0.00443
Exploits: 0, References: 1

Cisco
added 2021/01/20 4:00 p.m., 64 views

Cisco SD-WAN Buffer Overflow Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address...

CVSS 9.8, AI score 9.6, EPSS 0.02132
Exploits: 0, References: 1

Cisco
added 2019/11/06 4:00 p.m., 64 views

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

CVSS 8.8, AI score 2.2, EPSS 0.01746
Exploits: 0, References: 1

Cisco
added 2019/08/07 4:00 p.m., 64 views

Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

CVSS 6.7, AI score 3.6, EPSS 0.00499
Exploits: 0, References: 1

Cisco
added 2019/05/15 4:00 p.m., 64 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of...

CVSS 6.7, AI score 2.9, EPSS 0.00543
Exploits: 0, References: 1

Cisco
added 2019/05/01 4:00 p.m., 64 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

CVSS 7.8, AI score 8, EPSS 0.00352
Exploits: 0, References: 1

Cisco
added 2019/03/27 4:00 p.m., 64 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability b...

CVSS 8.8, AI score 2.8, EPSS 0.00446
Exploits: 0, References: 1

Cisco
added 2019/02/06 4:00 p.m., 64 views

Cisco TelePresence Management Suite Web Services

Cisco TelePresence Management Suite (TMS) software implements a Simple Object Access Protocol (SOAP) interface that by design allows unauthenticated access to web services designed to provide management features to devices. At first publication of the advisory, the management feature was not document...

AI score 1.2
Exploits: 0, References: 1

Cisco
added 2019/02/06 4:00 p.m., 64 views

Cisco Aironet Active Sensor Static Credentials Vulnerability

A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...

CVSS 7.5, AI score 2.6, EPSS 0.02589
Exploits: 0, References: 1

Cisco
added 2018/08/01 4:00 p.m., 64 views

Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVSS 6.1, AI score 1.4, EPSS 0.01783
Exploits: 0, References: 1

Cisco
added 2018/08/01 4:00 p.m., 64 views

Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...

CVSS 5.4, AI score 1.5, EPSS 0.00678
Exploits: 0, References: 1

Cisco
added 2018/02/21 4:00 p.m., 64 views

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is...

CVSS 8.6, AI score 1.4, EPSS 0.02367
Exploits: 0, References: 1

Cisco
added 2017/10/23 9:30 p.m., 64 views

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...

CVSS 5.9, AI score 7.4, EPSS 0.0091
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:00 p.m., 64 views

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVSS 6.1, AI score 6.1, EPSS 0.0122
Exploits: 0, References: 1

Cisco
added 2014/12/22 4:00 p.m., 64 views

Multiple Vulnerabilities in ntpd Affecting Cisco Products

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and...

CVSS 6.8, AI score 9, EPSS 0.7809
Exploits: 4, References: 1

Cisco
added 2010/03/24 4:00 p.m., 64 views

Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability

Cisco IOS® Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session...

CVSS 7.1, AI score 6.7, EPSS 0.02529
Exploits: 0, References: 1

Cisco
added 2026/06/04 10:27 p.m., 63 views

Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

CVSS 7.8, AI score 5.9
Exploits: 0, References: 1

Cisco
added 2024/04/17 4:00 p.m., 63 views

Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...

CVSS 5.3, AI score 5.3, EPSS 0.00511
Exploits: 0, References: 1

Cisco
added 2024/03/27 4:00 p.m., 63 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities

Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system. For more information about these vulnerabilitie...

CVSS 8.6, AI score 8.1, EPSS 0.00803
Exploits: 0, References: 1

Cisco
added 2021/10/27 4:00 p.m., 63 views

Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource manageme...

CVSS 6.8, AI score 6.9, EPSS 0.02367
Exploits: 0, References: 1

Cisco
added 2021/10/20 4:00 p.m., 63 views

Cisco Integrated Management Controller GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...

CVSS 5.3, AI score 6.3, EPSS 0.01233
Exploits: 0, References: 1

Cisco
added 2021/08/18 4:00 p.m., 63 views

Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...

CVSS 5.4, AI score 6.1, EPSS 0.00743
Exploits: 0, References: 1

Cisco
added 2021/08/04 4:00 p.m., 63 views

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exis...

CVSS 7.8, AI score 8.1, EPSS 0.00247
Exploits: 0, References: 1

Cisco
added 2021/06/16 4:00 p.m., 63 views

Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copyin...

CVSS 5.5, AI score 5.5, EPSS 0.00208
Exploits: 0, References: 1

Cisco
added 2021/05/05 4:00 p.m., 63 views

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...

CVSS 8.8, AI score 8.1, EPSS 0.02034
Exploits: 0, References: 1

Cisco
added 2021/04/07 4:00 p.m., 63 views

Cisco IOS XR Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation...

CVSS 6.6, AI score 7, EPSS 0.00322
Exploits: 0, References: 1

Cisco
added 2021/03/24 4:00 p.m., 63 views

Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...

CVSS 7.5, AI score 7.5, EPSS 0.01601
Exploits: 0, References: 1

Cisco
added 2021/03/24 4:00 p.m., 63 views

Cisco IOS XE Software Web UI OS Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are...

CVSS 5.5, AI score 6.5, EPSS 0.02262
Exploits: 0, References: 1

Cisco
added 2020/11/04 4:00 p.m., 63 views

Cisco SD-WAN Software Packet Filtering Bypass Vulnerability

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...

CVSS 5.8, AI score 2.7, EPSS 0.01476
Exploits: 0, References: 1

Cisco
added 2019/11/06 4:00 p.m., 63 views

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...

CVSS 7.8, AI score 2.1, EPSS 0.01715
Exploits: 0, References: 1

Cisco
added 2019/10/16 4:00 p.m., 63 views

Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management...

CVSS 4.3, AI score 1.2, EPSS 0.01221
Exploits: 0, References: 1

Cisco
added 2019/08/07 4:00 p.m., 63 views

Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...

CVSS 4.9, AI score 1.4, EPSS 0.01892
Exploits: 0, References: 1

Cisco
added 2019/08/07 4:00 p.m., 63 views

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an...

CVSS 9.8, AI score 1.5, EPSS 0.02285
Exploits: 0, References: 1

Cisco
added 2019/05/01 4:00 p.m., 63 views

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...

CVSS 7.8, AI score 2.9, EPSS 0.00352
Exploits: 0, References: 1

Cisco
added 2019/03/27 4:00 p.m., 63 views

Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could...

CVSS 4.7, AI score 1.1, EPSS 0.00593
Exploits: 0, References: 1

Cisco
added 2019/02/12 4:00 p.m., 63 views

Cisco Network Assurance Engine CLI Access with Default Password Vulnerability

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...

CVSS 7.7, AI score 1.7, EPSS 0.0029
Exploits: 0, References: 1

Cisco
added 2018/08/01 4:00 p.m., 63 views

Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is...

CVSS 6.8, AI score 1.9, EPSS 0.01482
Exploits: 0, References: 1

Cisco
added 2018/06/06 4:00 p.m., 63 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

CVSS 4.8, AI score 1.1, EPSS 0.01276
Exploits: 0, References: 1

Cisco
added 2018/04/18 4:00 p.m., 63 views

Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability

A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...

CVSS 7.4, AI score 1.9, EPSS 0.00856
Exploits: 0, References: 1

Cisco
added 2017/11/15 4:00 p.m., 63 views

Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...

CVSS 5.3, AI score 7.7, EPSS 0.02033
Exploits: 0, References: 1

Cisco
added 2016/09/28 4:00 p.m., 63 views

Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first...

CVSS 7.8, AI score 7.7
Exploits: 0, References: 1

Cisco
added 2016/02/18 8:22 p.m., 63 views

Vulnerability in GNU glibc Affecting Cisco Products: February 2016

On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer...

CVSS 8.1, AI score 7.8, EPSS 0.89557
Exploits: 17, References: 1

Cisco
added 2007/03/20 4:35 p.m., 63 views

Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability

Cisco 7940 and 7960 IP phones with firmware version 7.4 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists due to an error within the handling of malformed SIP INVITE messages. An attacker could exploit...

CVSS 5, AI score 6.6, EPSS 0.09184
Exploits: 0, References: 1

Cisco
added 2022/07/20 4:00 p.m., 62 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 4.7, AI score 7.2, EPSS 0.00947
Exploits: 0, References: 1

Cisco
added 2021/10/27 4:00 p.m., 62 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized...

CVSS 4.7, AI score 5.3, EPSS 0.011
Exploits: 0, References: 1

Cisco
added 2021/10/20 4:00 p.m., 62 views

Cisco Tetration Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate...

CVSS 4.8, AI score 4.9, EPSS 0.00575
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000