Cisco: Most viewed

5223 matches found

Cisco
added 2022/11/09 4:0 p.m., 46 views

Multiple Cisco Products Snort SMB2 Detection Engine Policy Bypass and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These...

CVSS 5.8, AI score 1.1
Exploits: 0, References: 1

Cisco
added 2021/10/27 4:0 p.m., 46 views

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has...

CVSS 7.8, AI score 7.6, EPSS 0.00262
Exploits: 0, References: 1

Cisco
added 2021/09/22 4:0 p.m., 46 views

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability is due to the punt path...

CVSS 7.7, AI score 7.4, EPSS 0.01065
Exploits: 0, References: 1

Cisco
added 2021/02/03 4:0 p.m., 46 views

Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this...

CVSS 8.6, AI score 8.1, EPSS 0.01952
Exploits: 0, References: 1

Cisco
added 2021/01/20 4:0 p.m., 46 views

Cisco SD-WAN vManage Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an...

CVSS 5.5, AI score 5.1, EPSS 0.00306
Exploits: 0, References: 1

Cisco
added 2021/01/20 4:0 p.m., 46 views

Cisco StarOS IPv4 Denial of Service Vulnerability

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this...

CVSS 5.8, AI score 2.2, EPSS 0.01284
Exploits: 0, References: 1

Cisco
added 2020/11/18 4:0 p.m., 46 views

Cisco DNA Spaces Connector Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface...

CVSS 9.4, AI score 9.9, EPSS 0.02451
Exploits: 0, References: 1

Cisco
added 2020/08/05 4:0 p.m., 46 views

Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...

CVSS 7.5, AI score 7.6, EPSS 0.02222
Exploits: 0, References: 1

Cisco
added 2020/06/03 4:0 p.m., 46 views

Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on...

CVSS 8.8, AI score 2.5, EPSS 0.01022
Exploits: 0, References: 1

Cisco
added 2019/05/15 4:0 p.m., 46 views

Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...

CVSS 6.8, AI score 2, EPSS 0.01122
Exploits: 0, References: 1

Cisco
added 2019/05/01 4:0 p.m., 46 views

Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability

A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition...

CVSS 7.5, AI score 1.4, EPSS 0.01967
Exploits: 0, References: 1

Cisco
added 2019/04/17 4:0 p.m., 46 views

Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying...

CVSS 8.1, AI score 2.4, EPSS 0.00744
Exploits: 0, References: 1

Cisco
added 2019/04/17 4:0 p.m., 46 views

Cisco Aironet Series Access Points Denial of Service Vulnerability

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The...

CVSS 7.4, AI score 1, EPSS 0.00631
Exploits: 0, References: 1

Cisco
added 2019/03/06 4:0 p.m., 46 views

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...

CVSS 6.1, AI score 1.4, EPSS 0.01211
Exploits: 0, References: 1

Cisco
added 2018/06/20 4:0 p.m., 46 views

Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure t...

CVSS 7.4, AI score 0.9, EPSS 0.0064
Exploits: 0, References: 1

Cisco
added 2018/04/18 4:0 p.m., 46 views

Cisco DNA Center Cross Origin Resource Sharing Vulnerability

A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy...

CVSS 5.4, AI score 0.6, EPSS 0.01338
Exploits: 0, References: 1

Cisco
added 2018/04/18 4:0 p.m., 46 views

Cisco WebEx Connect IM Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

CVSS 6.1, AI score 1.2, EPSS 0.00918
Exploits: 0, References: 1

Cisco
added 2018/03/07 4:0 p.m., 46 views

Cisco Identity Services Engine Command Injection to Underlying Operating System Vulnerability

A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials fo...

CVSS 5.6, AI score 1.9, EPSS 0.00834
Exploits: 0, References: 1

Cisco
added 2017/11/15 4:0 p.m., 46 views

Cisco HyperFlex System Authenticated Information Disclosure Vulnerability

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative use...

CVSS 6, AI score 5.7, EPSS 0.00326
Exploits: 0, References: 1

Cisco
added 2017/10/04 4:0 p.m., 46 views

Cisco Meeting App Local Privilege Escalation Vulnerability

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL...

CVSS 4.2, AI score 4.5, EPSS 0.00358
Exploits: 0, References: 1

Cisco
added 2017/09/27 4:0 p.m., 46 views

Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilit...

CVSS 7.4, AI score 6.4, EPSS 0.02171
Exploits: 0, References: 1

Cisco
added 2017/08/02 4:0 p.m., 46 views

Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between...

CVSS 5.3, AI score 7.4, EPSS 0.02234
Exploits: 0, References: 1

Cisco
added 2017/05/17 4:0 p.m., 46 views

Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of...

CVSS 5.8, AI score 7.5, EPSS 0.02394
Exploits: 0, References: 1

Cisco
added 2017/03/15 4:0 p.m., 46 views

Cisco Web Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. The vulnerability is due to incomplete validation of the HTTP request. An attacker could exploit this...

CVSS 5.8, AI score 5.8, EPSS 0.01525
Exploits: 0, References: 1

Cisco
added 2015/09/23 4:0 p.m., 46 views

Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities

Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these...

CVSS 7.8, AI score 6.6, EPSS 0.03219
Exploits: 0, References: 1

Cisco
added 2015/06/23 8:6 p.m., 46 views

Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability

A vulnerability in the web-based user interface of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to have read access to information stored in the affected system. The vulnerability is due to insufficient validation of specific values passed via HTTP GET methods by the...

CVSS 5, AI score 5.9, EPSS 0.02628
Exploits: 0, References: 1

Cisco
added 2014/10/06 9:18 p.m., 46 views

Cisco ASA Software SharePoint RAMFS Integrity and Lua Injection Vulnerability

A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary files present on the RAMFS file system or inject Lua scripts. The vulnerability is due to insufficient validation of the code that handles session information for the SSL...

CVSS 4, AI score 6.4, EPSS 0.01033
Exploits: 0, References: 1

Cisco
added 2013/09/17 6:41 p.m., 46 views

Cisco NX-OS Software BGP Regex Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) code of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to an issue with the regex engine used when processing complex regular expressions. An attacker could...

CVSS 5.4, AI score 6.6, EPSS 0.0106
Exploits: 0, References: 1

Cisco
added 2023/09/13 4:0 p.m., 45 views

Cisco IOS XR Software Image Verification Vulnerability

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO imag...

CVSS 5.7, AI score 6.4, EPSS 0.00088
Exploits: 0, References: 1

Cisco
added 2023/08/16 4:0 p.m., 45 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code...

CVSS 6.5, AI score 7.2, EPSS 0.37885
Exploits: 1, References: 1

Cisco
added 2022/05/04 4:0 p.m., 45 views

Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

CVSS 9.9, AI score 8.9, EPSS 0.1076
Exploits: 2, References: 1

Cisco
added 2022/04/27 4:0 p.m., 45 views

Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this...

CVSS 4, AI score 5.8, EPSS 0.00894
Exploits: 0, References: 1

Cisco
added 2022/03/02 4:0 p.m., 45 views

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this...

CVSS 8.6, AI score 7.8, EPSS 0.01392
Exploits: 0, References: 1

Cisco
added 2021/11/03 4:0 p.m., 45 views

Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated,...

CVSS 6.5, AI score 6.8, EPSS 0.00486
Exploits: 0, References: 1

Cisco
added 2021/10/06 4:0 p.m., 45 views

Cisco Intersight Virtual Appliance Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 8.8, AI score 9.2, EPSS 0.0275
Exploits: 0, References: 1

Cisco
added 2021/09/22 4:0 p.m., 45 views

Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the...

CVSS 5.8, AI score 6.9, EPSS 0.01285
Exploits: 0, References: 1

Cisco
added 2021/05/19 4:0 p.m., 45 views

Cisco Finesse Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 4.8, AI score 1.4, EPSS 0.00721
Exploits: 0, References: 1

Cisco
added 2021/03/03 4:0 p.m., 45 views

Cisco SD-WAN vDaemon Buffer Overflow Vulnerability

A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to...

CVSS 5.4, AI score 5.8, EPSS 0.00601
Exploits: 0, References: 1

Cisco
added 2021/02/03 4:0 p.m., 45 views

Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due ...

CVSS 5.8, AI score 2.5, EPSS 0.01222
Exploits: 0, References: 1

Cisco
added 2021/02/03 4:0 p.m., 45 views

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...

CVSS 5.3, AI score 6.4, EPSS 0.01274
Exploits: 0, References: 1

Cisco
added 2021/02/03 4:0 p.m., 45 views

Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker...

CVSS 7.8, AI score 7.7, EPSS 0.00379
Exploits: 0, References: 1

Cisco
added 2021/01/13 4:0 p.m., 45 views

Cisco Firepower Management Center XML Entity Expansion Vulnerability

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit th...

CVSS 4.3, AI score 4.7, EPSS 0.01009
Exploits: 0, References: 1

Cisco
added 2020/10/21 4:0 p.m., 45 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 5.8, AI score 5.4, EPSS 0.01313
Exploits: 0, References: 1

Cisco
added 2020/09/24 4:0 p.m., 45 views

Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability

A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA...

CVSS 8.6, AI score 7.7, EPSS 0.01275
Exploits: 0, References: 1

Cisco
added 2020/09/24 4:0 p.m., 45 views

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to...

CVSS 5.1, AI score 2.8, EPSS 0.00386
Exploits: 0, References: 1

Cisco
added 2020/06/17 4:0 p.m., 45 views

Cisco UCS Director Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...

CVSS 4.9, AI score 2, EPSS 0.01076
Exploits: 0, References: 1

Cisco
added 2019/05/15 4:0 p.m., 45 views

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

CVSS 6.7, AI score 1.2, EPSS 0.00185
Exploits: 0, References: 1

Cisco
added 2019/05/01 4:0 p.m., 45 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic...

CVSS 5.3, AI score 6.4, EPSS 0.01712
Exploits: 0, References: 1

Cisco
added 2019/04/17 4:0 p.m., 45 views

Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect...

CVSS 5.8, AI score 7, EPSS 0.01588
Exploits: 0, References: 1

Cisco
added 2019/04/17 4:0 p.m., 45 views

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API...

CVSS 5.3, AI score 2.3, EPSS 0.02443
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000