5226 matches found
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to th...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
A vulnerability in the administrative shell of the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a...
Multiple Vulnerabilities in Cisco Data Center Network Manager Software
Multiple vulnerabilities in Cisco Data Center Network Manager DCNM Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting...
Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service DoS condition. The vulnerability is due to a memory leak that occurs on...
Cisco Spark Messaging Stored Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this...
Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an...
Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands. The vulnerabilit...
Cisco Firepower System Software FTP Malware Vulnerability
A vulnerability in the FTP Representational State Transfer Application Programming Interface REST API for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. The vulnerability is due to ...
Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability
Cisco Catalyst Switches running Cisco IOS Software releases prior to 15.22E1 may allow an unauthenticated, remote attacker to retrieve version information about the software release running on the device by accessing the Network Mobility Services Protocol NMSP port. The vulnerability is due to a...
Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability
A vulnerability in the Cisco Identity Services Engine ISE guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability by...
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE...
Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access control list ACL and allow traffic that should be denied to flo...
Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability
A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web-based management interface of an affected...
Cisco Webex Meetings Web UI Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco Webex Meetings could allow a remote attacker to conduct stored cross-site scripting XSS or cross-site request forgery CSRF attacks. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has...
Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the login page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language SAML metadata. An...
Cisco IP Phone Software Arbitrary File Read Vulnerability
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug she...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability
A vulnerability in Ethernet over GRE EoGRE packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to...
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a...
Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex...
Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance ESA, Cisco Content Security Management Appliance SMA, and Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to access general system information and...
Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored i...
Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center KDC and bypass authentication on an affected device that is configured to perform Kerberos...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabilities
Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerabilities are due to insufficient input validation. A...
Cisco NX-OS Software IPv6 Denial of Service Vulnerability
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An...
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of...
Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities
Multiple vulnerabilities in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerabilities exist because software digital signatures...
Cisco NX-OS Software Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...
Cisco Expressway Series Directory Traversal Vulnerability
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit th...
Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities
Multiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller WLC Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of...
Cisco IOS Software NAT64 Denial of Service Vulnerability
A vulnerability in the Network Address Translation 64 NAT64 functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input...
Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. For more information about this vulnerability per Cisco product, see the Details...
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerability is due to...
Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious A...
Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 SMB2 protocol. The vulnerability is due to the incorrect detection of an SMB2 file when...
Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting...
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
A vulnerability in the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...
Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
A vulnerability in the implementation of 802.11v Basic Service Set BSS Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The...
Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability
A vulnerability in Simple Network Management Protocol SNMP functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a...
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or modify the time being advertised ...
Multiple Vulnerabilities in Cisco ASA Software
2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4...
Cisco IOS Internet Key Exchange Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...