Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner CNAP could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products

On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security TLS/Datagram Transport Layer Security DTLS clients and SSL/TLS/DTLS servers using client authentication. Multiple Cis...

Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability

An issue in Disaster Recovery DRA mode of the Cisco ISB8320-E High-Definition IP-Only DVR could allow an unauthenticated, remote attacker to access the device via telnet without authentication for the duration of the recovery boot. The issue is due to the disaster recovery process. An attacker...

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

On January 18, 2023, Cisco disclosed the following: A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due...

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server VCS Software could allow a remote attacker to bypass certificate validation or conduct cross-site request forgery attacks on an...

Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system OS. This vulnerability exists because an interna...

Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco...

Cisco SD-WAN vManage Command Injection Vulnerability

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service DoS condition. This vulnerability is due to improper input validation of user-supplied input to the device...

Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

Cisco SD-WAN vManage SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...

Cisco Data Center Network Manager Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details "details" section...

Cisco Security Manager Static Credential Vulnerability

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by...

Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manag...

Cisco DNA Spaces: Connector Command Injection Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI...

Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1783)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments...

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...

Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

Cisco Webex Teams Remote Code Execution Vulnerability

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability ...

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient...

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System NCS 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition when the emsd service stops. The vulnerability is due to the software's inability to...

Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability

A vulnerability in the command-line interface CLI command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...

CiscoWorks Common Services Arbitrary Command Execution Vulnerability

CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released software updates that address this vulnerability. The...

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is d...

Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery Protocol and Link Layer Discovery Protocol Memory Leak Vulnerabilities

Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol LLDP for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service DoS condition...

Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details...

Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI...

Cisco Wide Area Application Services Software Information Disclosure Vulnerability

A vulnerability in Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute...

Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service DoS condition on an affected system. This vulnerability is due to improper handlin...

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...

Cisco IOx Application Framework Denial of Service Vulnerability

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers Industrial ISRs, Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...

Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...

Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An...

Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a...

Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Prime Network Registrar CPNR could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...

Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The attacker must have...

Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

Cisco Wireless LAN Controller Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An...

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...