Cisco UCS Director Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An...

Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper validation of user-supplied requests to the...

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability

A vulnerability in the Deterministic Random Bit Generator DRBG, also known as Pseudorandom Number Generator PRNG, used in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a cryptographic...

Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability

A vulnerability in the TCP flags inspection feature for access control lists ACLs on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect...

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the User Data Services UDS API of Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API...

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

Multiple vulnerabilities in the handling of Inter-Access Point Protocol IAPP messages by Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerabilities exist because the software improperly validates inp...

Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface or conduct a cross-site request forgery CSRF attack. For more...

Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

A vulnerability in the Internet Group Management Protocol IGMP packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to the...

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are...

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...

Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 SMB2 protocol. The vulnerability is due to the incorrect detection of an SMB2 file when...

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the restricted shell of the Cisco Identity Services Engine ISE that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI...

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall NGFW and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability i...

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is...

Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device. The vulnerability is due to imprope...

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and...

Vulnerability in Samba Affecting Cisco Products: May 2017

On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494 This advisory is available at the following link:...

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager CUCM contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to a failure to properly call XSS filter...

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016

On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.” Two of the vulnerabiliti...

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability is due to a user accoun...

Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability

A vulnerability in the Representational State Transfer REST Application Programming Interface API that is used by Cisco Videoscape Distribution Suite Service Manager could allow an unauthenticated, remote attacker to cause an affected device to disclose sensitive information. The vulnerability is...

Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Cisco TelePresence Video Communication Server VCS and Cisco Expressway Software includes the following vulnerabilities: Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service...

Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability

Cisco TelePresence Video Communication Server VCS contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes which may cause active call to be dropped and prevent users from making new calls until the affected system is...

Cisco ISE Unprivileged Support Bundle Download Vulnerability

A vulnerability in the role-based access control code of the Cisco Identity Services Engine ISE could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE...

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of a vulnerable device. The vulnerability is due to improper translation of valid Session Initiation Protocol SIP packets across a Network Address Translation NAT boundary. An attack...

Cisco IOS Software Internet Key Exchange Vulnerability

The Cisco IOS Software Internet Key Exchange IKE feature contains a denial of service DoS vulnerability. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:...

Cisco Wireless Control System Tomcat mod_jk.so Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...

Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability

A vulnerability in auxiliary asynchronous port AUX functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware i...

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...

Apache Struts Vulnerability Affecting Cisco Products: December 2023

On December 7, 2023, the following vulnerability in Apache Struts was disclosed: CVE-2023-50164: An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. For...

Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...

Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the...

Cisco DNA Center Software API Vulnerabilities

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

Cisco IOS XE Software Web UI Path Traversal Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker cou...

Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of...

Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability

A vulnerability in the web interface of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by...

Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability

A vulnerability in the implementation of the Datagram TLS DTLS protocol in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service DoS condition...

Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause the line card to rese...

Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. These vulnerabilities are due to improper input...

Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability i...

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability

A vulnerability in the Common Open Policy Service COPS of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service DoS condition. This vulnerability is due to a deadlock conditi...

Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software StarOS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 IKEv2 packets. An attacker...

Cisco DNA Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface...