Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...
Cisco Meeting Server Call Bridge Denial of Service Vulnerability
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability...
Cisco Packet Tracer for Windows DLL Injection Vulnerability
A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling o...
Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This...
Cisco Aironet Access Points FlexConnect Upgrade Information Disclosure Vulnerability
A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP)...
Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...
Cisco SD-WAN Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see...
Cisco Security Manager Static Credential Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by...
Cisco Email Security Appliance URL Filtering Bypass Vulnerability
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An...
Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient...
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...
Cisco Enterprise NFV Infrastructure Software Password Recovery Vulnerability
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when...
Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper...
Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco SD-WAN Solution Unauthorized Access Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...
Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec...
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attack...
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file an...
Cisco AMP for Endpoints Static Key Vulnerability
On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to...
Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. The vulnerability exists because the affected device does not sufficiently validate HTTP...
Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner (CNAP) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cis...
Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability
An issue in Disaster Recovery (DRA) mode of the Cisco ISB8320-E High-Definition IP-Only DVR could allow an unauthenticated, remote attacker to access the device via telnet without authentication for the duration of the recovery boot. The issue is due to the disaster recovery process. An attacker...
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released software updates that address this vulnerability. The...
Cisco Unified Communications Products Remote Code Execution Vulnerability
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...
Cisco Firepower Management Center Software Log API Denial of Service Vulnerability
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...
Cisco Email Security Appliance URL Filtering Bypass Vulnerability
On January 18, 2023, Cisco disclosed the following: A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow a remote attacker to bypass certificate validation or conduct cross-site request forgery attacks on an...
Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user...
Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the...
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an interna...
Cisco SD-WAN vManage Command Injection Vulnerability
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device...
Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
Cisco IOx Application Framework Denial of Service Vulnerability
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...
Cisco IOS XE Software Active Debug Code Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An...
Cisco Data Center Network Manager Authorization Bypass Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section...
Cisco SD-WAN vManage SQL Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...
Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manag...
Cisco DNA Spaces: Connector Command Injection Vulnerability
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI...
Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments...
Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. ...