Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. This...
Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability
A vulnerability in the Rate Limiting Network Address Translation NAT feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service DoS condition. This...
Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points AP could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...
Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol LLDP implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are...
Cisco SD-WAN Buffer Overflow Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address...
Cisco Advanced Malware Protection for Endpoints and Immunet for Windows DLL Hijacking Vulnerability
A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection AMP for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...
Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability
A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...
Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...
Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected...
Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability
A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS protocol inspection engine of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors...
Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...
Cisco Webex Network Recording Players Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format ARF and Webex Recording Format WRF files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...
Cisco SD-WAN Solution Remote Code Execution Vulnerability
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient...
Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block SMB protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
Multiple Cisco Unified Communications Products Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Emergency Responder and Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient...
Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The issues are in IPv4 Multicast Source Discovery Protocol MSDP and IPv6 Protocol Independent Multicast PIM. The first...
Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is...
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First OSPF Routing Protocol Link State Advertisement LSA database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System AS domain routing table,...
Multiple Vulnerabilities in Cisco PIX and Cisco ASA
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco ThousandEyes Recorder Information Disclosure Vulnerability
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the...
Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability
A vulnerability in the Java Management Extensions JMX component of Cisco Hosted Collaboration Mediation Fulfillment HCM-F could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An...
Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The...
Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability
A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...
Cisco IOx Application Environment Path Traversal Vulnerability
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...
Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...
Cisco Wireless LAN Controller Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The attacker must have...
Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An...
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability
A vulnerability in the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...
Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability
A vulnerability in the Virtual Network Computing VNC console implementation of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...
Cisco IOS XE Software Command Injection Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability b...
Cisco Network Assurance Engine CLI Access with Default Password Vulnerability
A vulnerability in the management web interface of Cisco Network Assurance Engine NAE could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service DoS condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...
Cisco TelePresence Management Suite Web Services
Cisco TelePresence Management Suite TMS software implements a Simple Object Access Protocol SOAP interface that by design allows unauthenticated access to web services designed to provide management features to devices. At first publication of the advisory, the management feature was not document...
Cisco Aironet Active Sensor Static Credentials Vulnerability
A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...
Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...
Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability
A vulnerability in the Interactive Voice Response IVR management connection interface for Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service DoS condition. The vulnerability is...
Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...
Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...
Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...
Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
A vulnerability in the Overlay Transport Virtualization OTV generic routing encapsulation GRE implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code. The vulnerability i...
Cisco Firepower Management Center SQL Injection Vulnerability
A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device. The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQ...
Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol SNMP IPv4 access control list ACL feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...