Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS)...
Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users...
Apache HTTP Server Vulnerabilities: October 2021
On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: CVE-2021-41524: Null Pointer Dereference Vulnerability CVE-2021-41773: Path Traversal and Remote Code Execution...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. For more...
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on a...
Cisco Firepower Management Center Remote Code Execution Vulnerability
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability
A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress...
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or a reflected cross-site scripting (XSS) attack against a user of the web-based management...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could...
Cisco Firepower Threat Defense Software Command Injection Vulnerability
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input...
Cisco Firepower System Software Intelligent Application Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect...
CPU Side-Channel Information Disclosure Vulnerabilities
On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged...
Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges. The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacke...
Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The...
Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An...
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...
Cisco Firepower Management Center Command Injection Vulnerability
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of...
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. On March 19, 2015, the OpenSSL Project releas...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application. For a description of thi...
Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. A...
Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in...
Cisco IC3000 Industrial Compute Gateway Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system...
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS)...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validatio...
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...
Cisco SD-WAN Solution Buffer Overflow Vulnerability
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit th...
Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session...
Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates...
Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability
A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an...
Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...
BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021
On August 17, 2021, BlackBerry released a security advisory, QNX-2021-001 (https://support.blackberry.com/kb/articleDetail?articleNumber=000082334), that disclosed an integer overflow vulnerability in the following BlackBerry software releases: QNX Software Development Platform (SDP) – 6.5.0SP1 and...
Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
On October 16, 2017, a research paper with the title “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2)...
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised...
Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
Cisco NX-OS Software system login block-for Denial of Service Vulnerability
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the...
Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists becau...
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
Vulnerability in Spring Framework Affecting Cisco Products: March 2022
On March 31, 2022, the following critical vulnerability in the Spring Framework affecting Spring MVC and Spring WebFlux applications running on JDK 9+ was released: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ For a description of this vulnerability, see VMware Spring Framework...
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due...
Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability
A vulnerability in the SIP code of Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway could allow an unauthenticated, remote attacker to cause high memory consumption and CPU utilization, which could cause some services to become unavailable and degrade performance. The...
Cisco DNA Center Authentication Bypass Vulnerability
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could...
Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities
Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. For more information about these vulnerabilities, see t...
Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This...