
5224 matches found

Cisco
added 2019/10/16 4:0 p.m. | 57 views

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

6.7 CVSS | 3.1 AI score | 0.00445 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 57 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

5.4 CVSS | 1.7 AI score | 0.00633 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/08/28 4:0 p.m. | 57 views

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper...

7.7 CVSS | 1.6 AI score | 0.01633 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/08/07 4:0 p.m. | 57 views

Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of...

4.4 CVSS | 1.2 AI score | 0.00351 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/08/06 2:0 p.m. | 57 views

Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...

9.1 CVSS | 9.3 AI score | 0.17037 EPSS
Exploits: 2 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 57 views

Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injectio...

6.4 CVSS | 6.7 AI score | 0.00357 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 57 views

Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

6.4 CVSS | 1.3 AI score | 0.00181 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/06/20 4:0 p.m. | 57 views

Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete...

6.4 CVSS | 1.8 AI score | 0.00466 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/06/06 4:0 p.m. | 57 views

Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...

5.3 CVSS | 2.2 AI score | 0.02415 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/05/02 4:0 p.m. | 57 views

Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability

A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affecte...

7.5 CVSS | 2.1 AI score | 0.02243 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/02/07 4:0 p.m. | 57 views

Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...

8.6 CVSS | 2.1 AI score | 0.01772 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/01/10 4:0 p.m. | 57 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1 CVSS | 2 AI score | 0.01729 EPSS
Exploits: 0 | References: 1
Cisco
added 2017/11/01 4:0 p.m. | 57 views

Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to...

4.3 CVSS | 4.7 AI score | 0.00608 EPSS
Exploits: 0 | References: 1
Cisco
added 2017/02/08 4:0 p.m. | 57 views

Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...

8.4 CVSS | 7.6 AI score | 0.01711 EPSS
Exploits: 5 | References: 1
Cisco
added 2013/08/01 4:0 p.m. | 57 views

OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table,...

5.8 CVSS | 5.5 AI score | 0.02206 EPSS
Exploits: 0 | References: 1
Cisco
added 2012/01/26 5:0 p.m. | 57 views

Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Cisco has released...

10 CVSS | 7.4 AI score | 0.95104 EPSS
Exploits: 19 | References: 1
Cisco
added 2002/07/24 4:0 p.m. | 57 views

Heap Overflow in Solaris cachefs Daemon

...

10 CVSS | 2.3 AI score | 0.23078 EPSS
Exploits: 5 | References: 1 | Affected Software: 17
Cisco
added 2023/04/26 4:0 p.m. | 56 views

Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

6.1 CVSS | 6.2 AI score | 0.00514 EPSS
Exploits: 0 | References: 1
Cisco
added 2023/01/11 4:0 p.m. | 56 views

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly,...

4.7 CVSS | 7.4 AI score | 0.00675 EPSS
Exploits: 0 | References: 1
Cisco
added 2022/04/27 4:0 p.m. | 56 views

Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are...

8.6 CVSS | 7.9 AI score | 0.01166 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/11/03 4:0 p.m. | 56 views

Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user...

6.7 CVSS | 7.3 AI score | 0.00235 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/10/27 4:0 p.m. | 56 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due t...

5.3 CVSS | 5.2 AI score | 0.00906 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/10/06 4:0 p.m. | 56 views

Cisco Smart Software Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...

5.4 CVSS | 7 AI score | 0.00943 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/09/22 4:0 p.m. | 56 views

Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the cod...

7.7 CVSS | 7.5 AI score | 0.01035 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/08/25 4:0 p.m. | 56 views

Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs...

5.8 CVSS | 5.8 AI score | 0.00999 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/07/21 4:0 p.m. | 56 views

Cisco Intersight Virtual Appliance Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...

6.5 CVSS | 7.2 AI score | 0.02704 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/07/21 4:0 p.m. | 56 views

Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by t...

6.1 CVSS | 5.5 AI score | 0.00773 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 56 views

Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation o...

6.5 CVSS | 6.5 AI score | 0.01432 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/05/05 4:0 p.m. | 56 views

Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper...

4.7 CVSS | 5.5 AI score | 0.00704 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/04/28 4:0 p.m. | 56 views

Cisco Firepower Threat Defense Software Command File Overwrite Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files...

6 CVSS | 6 AI score | 0.00497 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/03/24 4:0 p.m. | 56 views

Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs...

6.6 CVSS | 6.5 AI score | 0.00254 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/01/20 4:0 p.m. | 56 views

Cisco Smart Software Manager Satellite Open Redirect Vulnerability

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an...

4.6 CVSS | 0.9 AI score | 0.00564 EPSS
Exploits: 0 | References: 1
Cisco
added 2021/01/20 4:0 p.m. | 56 views

Cisco DNA Center Privilege Escalation Vulnerability

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability ...

4.3 CVSS | 6.7 AI score | 0.01404 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 56 views

Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an...

6.4 CVSS | 1 AI score | 0.00512 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/10/16 4:0 p.m. | 56 views

Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could explo...

6.5 CVSS | 3.1 AI score | 0.01088 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/05/15 4:0 p.m. | 56 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

6.7 CVSS | 6.5 AI score | 0.00543 EPSS
Exploits: 0 | References: 1
Cisco
added 2019/03/13 4:0 p.m. | 56 views

Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is du...

7.5 CVSS | 2.5 AI score | 0.02516 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/05/02 4:0 p.m. | 56 views

Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is du...

4.1 CVSS | 1.3 AI score | 0.0048 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Unified Communications Manager LDAP Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...

5.5 CVSS | 0.9 AI score | 0.00364 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps...

7.5 CVSS | 8.2 AI score | 0.02047 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/04/18 4:0 p.m. | 56 views

Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of servi...

8.6 CVSS | 8.6 AI score | 0.0184 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/03/28 4:0 p.m. | 56 views

Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation...

6.1 CVSS | 6.3 AI score
Exploits: 0 | References: 1
Cisco
added 2018/02/21 4:0 p.m. | 56 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of...

6.1 CVSS | 1.3 AI score | 0.0127 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/02/21 4:0 p.m. | 56 views

Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could...

5.4 CVSS | 1.6 AI score | 0.00471 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/01/17 4:0 p.m. | 56 views

Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

6.1 CVSS | 0.9 AI score | 0.00838 EPSS
Exploits: 0 | References: 1
Cisco
added 2018/01/03 4:0 p.m. | 56 views

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file an...

5.5 CVSS | 7.8 AI score | 0.01715 EPSS
Exploits: 0 | References: 1
Cisco
added 2017/09/27 4:0 p.m. | 56 views

Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition...

8.6 CVSS | 7.5 AI score | 0.06938 EPSS
Exploits: 0 | References: 1
Cisco
added 2016/02/10 4:0 p.m. | 56 views

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code...

10 CVSS | 9.9 AI score | 0.77462 EPSS
Exploits: 4 | References: 1
Cisco
added 2014/08/07 8:55 p.m. | 56 views

Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability

A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system. The vulnerability is due to an affected web server. An attacker could exploit this...

5.8 CVSS | 1.3 AI score | 0.25061 EPSS
Exploits: 1 | References: 1
Cisco
added 2009/11/09 1:0 p.m. | 56 views

Transport Layer Security Renegotiation Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

5.8 CVSS | 7.4 AI score | 0.87264 EPSS
Exploits: 14 | References: 1

Total number of security vulnerabilities: 5000