5226 matches found
Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper memory resource manageme...
Cisco Tetration Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate...
Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability
A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists...
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exis...
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...
Cisco IOS XR Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system OS of an affected device. This vulnerability is due to insufficient input validation...
Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service DoS condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
Cisco IOS XE Software Web UI OS Command Injection Vulnerability
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are...
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...
Cisco SD-WAN Software Packet Filtering Bypass Vulnerability
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Cisco Identity Services Engine Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management...
Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller APIC software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...
Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability
A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could...
Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
A vulnerability in the Precision Time Protocol PTP subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could explo...
Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service DoS condition. The vulnerability exists if the affected software is...
Cisco Webex Teams Remote Code Execution Vulnerability
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability ...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability
A vulnerability in the Forwarding Information Base FIB code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service DoS condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive...
Cisco Firepower Management Center SQL Injection Vulnerability
A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device. The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQ...
Vulnerability in GNU glibc Affecting Cisco Products: February 2016
On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library glibc was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer...
Cisco IP Phone SIP INVITE Message Denial of Service Vulnerability
Cisco 7940 and 7960 IP phones with firmware version 7.4 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability exists due to an error within the handling of malformed SIP INVITE messages. An attacker could exploit...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities
Multiple vulnerabilities in the Application Level Gateway ALG for the Network Address Translation NAT feature of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized...
Cisco Webex Software Application Authorization Bypass Vulnerability
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...
Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
A vulnerability in the MPLS Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper input validation when an affected devi...
Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability b...
Cisco Content Security Management Appliance Privilege Escalation Vulnerability
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
Cisco SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
Cisco SD-WAN vManage XML External Entity Vulnerability
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity XXE entries when the affected...
Cisco Access Point Software Arbitrary Code Execution Vulnerability
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
A vulnerability in the DNS application layer gateway ALG functionality used by Network Address Translation NAT in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected...
Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service DoS condition. These vulnerabilities are due...
Cisco SD-WAN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service DoS attacks against an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has released software...
Cisco SD-WAN vManage Authorization Bypass Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient sanity...
Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco SPA Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker cou...
Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability
A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...
Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS...
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability
A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The...
Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability
A vulnerability in the REST API of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted...
Cisco IOS XE Software Arbitrary File Upload Vulnerability
A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a...
Cisco NX-OS Software Image Signature Verification Vulnerability
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signature...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. The vulnerability is due to insufficient server-side authorization checks. An attacker who ...
Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability
A vulnerability in role-based access control RBAC for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...
Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...
Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability
A vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to improper processing of Network Time Protocol NTP packets when handling symmetric key authentication failures. An attacker could...
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing ...