5226 matches found
Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities
Multiple vulnerabilities in the handling of Inter-Access Point Protocol IAPP messages by Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerabilities exist because the software improperly validates inp...
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are...
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...
Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid...
Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is...
Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability
A vulnerability in the implementation of Protected Extensible Authentication Protocol PEAP functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected...
Vulnerability in Samba Affecting Cisco Products: May 2017
On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494 This advisory is available at the following link:...
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker...
Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability is due to a user accoun...
Cisco DPC3939 (XB3) Router Administrative Web Interface Command Injection Vulnerability
A vulnerability in the administrative web interface of the Cisco DPC3939 XB3 router could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the system. The vulnerability is due to improper user input validation. An attacker...
Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability
A vulnerability in the Representational State Transfer REST Application Programming Interface API that is used by Cisco Videoscape Distribution Suite Service Manager could allow an unauthenticated, remote attacker to cause an affected device to disclose sensitive information. The vulnerability is...
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
Cisco TelePresence Video Communication Server VCS and Cisco Expressway Software includes the following vulnerabilities: Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service...
Cisco Adaptive Security Appliance SSL VPN Authentication Bypass Vulnerability
A vulnerability in the SSL VPN code could allow an unauthenticated, remote attacker to access the SSL VPN portal web page. The vulnerability is due to improper handling of authentication cookies when the Cisco ASA SSL VPN feature is enabled. An attacker could exploit this vulnerability by manuall...
Cisco WebEx Meetings Server Enterprise License Manager Administrative Password Disclosure Vulnerability
A vulnerability in the Cisco WebEx Meetings Server Enterprise License Manager web portal could allow an authenticated, remote attacker to view the administrative password for Cisco WebEx Meetings Server in clear text. The vulnerability is due to the inclusion of the Cisco WebEx Meetings Server...
Cisco ISE Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Identity Services Engine ISE could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR contains the following denial of service DoS vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution
Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to...
Multiple Vulnerabilities in Cisco ASA Software
Cisco ASA Software is affected by the following vulnerabilities: IKE Version 1 Denial of Service Vulnerability Crafted URL Denial of Service Vulnerability Denial of Service During Validation of Crafted Certificates DNS Inspection Denial of Service Vulnerability These vulnerabilities are independe...
Cisco IOS Software Network Address Translation Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of a vulnerable device. The vulnerability is due to improper translation of valid Session Initiation Protocol SIP packets across a Network Address Translation NAT boundary. An attack...
Cisco IOS Software Smart Install Remote Code Execution Vulnerability
A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released software updates that address this vulnerability. There are no...
Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability
A vulnerability in auxiliary asynchronous port AUX functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware i...
Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...
Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...
Cisco Webex Meetings Web UI Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco Webex Meetings could allow a remote attacker to conduct stored cross-site scripting XSS or cross-site request forgery CSRF attacks. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has...
Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the...
Cisco Identity Services Engine Privilege Escalation Vulnerabilities
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP access controls for Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module, Cisco Firepower Management Center FMC Software, and Cisco Next-Generation Intrusion Prevention System NGIPS Software could allow an...
Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability
A vulnerability in the implementation of the Datagram TLS DTLS protocol in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service DoS condition...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 IKEv2 implementation of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to trigger a denial of service DoS condition on an affected device. This...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. These vulnerabilities are due to improper input...
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability i...
Cisco SD-WAN Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerabili...
Cisco Unified Communications Products Information Disclosure Vulnerability
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager...
Cisco Connected Mobile Experiences User Enumeration Vulnerability
A vulnerability in Cisco Connected Mobile Experiences CMX API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this...
Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to improper input...
Cisco Proximity Desktop for Windows DLL Hijacking Vulnerability
A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to...
Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker...
Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit...
Cisco IOS XE Software Web Management Framework Vulnerabilities
Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service DoS...
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP Multicast VPN MVPN implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service DoS condition. The vulnerability is due to incomplete...
Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First OSPF implementation of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service DoS...
Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service DoS condition on an affected device. The...
Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability ...
Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability
A vulnerability in Cisco Application Policy Infrastructure Controller APIC Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on loca...