Cisco AnyConnect Profile Editor XML External Entity Injection Vulnerability
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when...
Cisco Jabber for Windows Client Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...
Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit...
Cisco Connected Streaming Analytics Unauthorized Access Vulnerability
A vulnerability in the administrative web interface of Cisco Connected Streaming Analytics could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the administrativ...
Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability
A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due ...
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests. This...
ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities
Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of...
Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect...
Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the cod...
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
A vulnerability in the web filtering features of multiple Cisco products could allow an unauthenticated, remote attacker to bypass web reputation filters and threat detection mechanisms on an affected device and exfiltrate data from a compromised host to a blocked external server. This...
Cisco SD-WAN vManage Information Disclosure Vulnerability
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This...
Cisco Firepower Management Center Software Policy Vulnerability
A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected...
Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability
A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due ...
Cisco IOS XE SD-WAN Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could...
Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management...
Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, unprivileged, and local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation o...
Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...
Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper...
Cisco NX-OS Software NX-API Denial of Service Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could...
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of...
Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this...
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...
Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability
A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is du...
Cisco IOS XE Software Errdisable Denial of Service Vulnerability
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an...
Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete...
Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability
A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affecte...
Cisco DNA Center Cross Origin Resource Sharing Vulnerability
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy...
Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities
Multiple vulnerabilities in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details...
Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Meeting Server Denial of Service Vulnerability
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), Cisco Email Security Appliance (ESA), and Cisco Content Security Management Appliance (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Cisco has released...
Transport Layer Security Renegotiation Vulnerability
Heap Overflow in Solaris cachefs Daemon
...
Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition. For...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly,...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This...
Cisco Firepower Threat Defense Software Denial of Service Vulnerability
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability
A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due t...
Cisco Smart Software Manager Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...
Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability
A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs...
Cisco Intersight Virtual Appliance Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by t...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation o...