Cisco: Most viewed

5224 matches found

Cisco | added 2022/10/19 4:0 p.m. | 41 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input...

6.1 CVSS | 5.9 AI score | 0.00781 EPSS
Exploits 0 | References 1

Cisco | added 2022/08/24 4:0 p.m. | 41 views

Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...

8.8 CVSS | 8.6 AI score | 0.01018 EPSS
Exploits 0 | References 1

Cisco | added 2022/08/17 4:0 p.m. | 41 views

Cisco Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient...

6.3 CVSS | 7.1 AI score | 0.01863 EPSS
Exploits 0 | References 1

Cisco | added 2022/07/06 4:0 p.m. | 41 views

Cisco Unified Communications Products Arbitrary File Read Vulnerability

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote...

6.5 CVSS | 6.4 AI score | 0.01288 EPSS
Exploits 0 | References 1

Cisco | added 2022/05/18 4:0 p.m. | 41 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

5.5 CVSS | 5.7 AI score | 0.00913 EPSS
Exploits 0 | References 1

Cisco | added 2020/10/21 4:0 p.m. | 41 views

Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into...

6.7 CVSS | 6.9 AI score | 0.00344 EPSS
Exploits 0 | References 1

Cisco | added 2020/09/02 4:0 p.m. | 41 views

Cisco Jabber for Windows Information Disclosure Vulnerability

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted...

6.5 CVSS | 6.9 AI score | 0.01854 EPSS
Exploits 0 | References 1

Cisco | added 2020/08/05 4:0 p.m. | 41 views

Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid...

5.5 CVSS | 1.9 AI score | 0.00455 EPSS
Exploits 4 | References 1

Cisco | added 2020/06/17 4:0 p.m. | 41 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details...

7.2 CVSS | 3 AI score | 0.02591 EPSS
Exploits 0 | References 1

Cisco | added 2020/06/03 4:0 p.m. | 41 views

Cisco IOS XE Software Web UI Unauthenticated Proxy Service Vulnerability

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An...

4.3 CVSS | 2.1 AI score | 0.00443 EPSS
Exploits 0 | References 1

Cisco | added 2020/05/06 4:0 p.m. | 41 views

Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability

A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability...

8.6 CVSS | 8.7 AI score | 0.01795 EPSS
Exploits 0 | References 1

Cisco | added 2020/01/22 4:0 p.m. | 41 views

Cisco SD-WAN vManage Command Injection Vulnerability

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

4.7 CVSS | 2.7 AI score | 0.02453 EPSS
Exploits 0 | References 1

Cisco | added 2019/05/01 4:0 p.m. | 41 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to the...

6.1 CVSS | 2.3 AI score | 0.01067 EPSS
Exploits 0 | References 1

Cisco | added 2019/04/17 4:0 p.m. | 41 views

Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...

5.5 CVSS | 2.5 AI score | 0.00368 EPSS
Exploits 0 | References 1

Cisco | added 2019/04/17 4:0 p.m. | 41 views

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

5.4 CVSS | 1.7 AI score | 0.00893 EPSS
Exploits 0 | References 1

Cisco | added 2019/04/17 4:0 p.m. | 41 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The...

7.7 CVSS | 1.8 AI score | 0.02067 EPSS
Exploits 0 | References 1

Cisco | added 2019/04/17 4:0 p.m. | 41 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker...

5.8 CVSS | 2 AI score | 0.01647 EPSS
Exploits 0 | References 1

Cisco | added 2018/09/05 4:0 p.m. | 41 views

Cisco Prime Access Registrar Denial of Service Vulnerability

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specifi...

8.6 CVSS | 0.8 AI score | 0.0348 EPSS
Exploits 0 | References 1

Cisco | added 2018/08/15 4:0 p.m. | 41 views

Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users,...

7.5 CVSS | 1.8 AI score | 0.03491 EPSS
Exploits 0 | References 1

Cisco | added 2018/06/20 4:0 p.m. | 41 views

Cisco NX-OS Software NX-API Privilege Escalation Vulnerability

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...

8.8 CVSS | 2.5 AI score | 0.02792 EPSS
Exploits 0 | References 1

Cisco | added 2018/05/16 4:0 p.m. | 41 views

Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability

A vulnerability in the web UI of Cisco TelePresence IX5000 Series Software and Cisco TelePresence TX9000 Series Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to...

6.1 CVSS | 1.1 AI score | 0.01796 EPSS
Exploits 0 | References 1

Cisco | added 2018/03/28 4:0 p.m. | 41 views

Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a condition that could occur wh...

7.7 CVSS | 1.9 AI score | 0.04746 EPSS
Exploits 0 | References 1

Cisco | added 2018/02/07 4:0 p.m. | 41 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

5.4 CVSS | 1.7 AI score | 0.01422 EPSS
Exploits 0 | References 1

Cisco | added 2018/01/17 4:0 p.m. | 41 views

Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command Arbitrary Code Execution and Denial of Service Vulnerability

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS)...

6.7 CVSS | 2.9 AI score | 0.0039 EPSS
Exploits 0 | References 1

Cisco | added 2018/01/17 4:0 p.m. | 41 views

Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is...

6.1 CVSS | 2.4 AI score | 0.0033 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/29 4:0 p.m. | 41 views

Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could...

6.8 CVSS | 6.5 AI score | 0.00382 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/29 4:0 p.m. | 41 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

5.4 CVSS | 5.3 AI score | 0.00891 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/15 4:0 p.m. | 41 views

Cisco Immunet Antimalware Installer DLL Preloading Vulnerability

An untrusted search path vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has...

4.2 CVSS | 6.8 AI score | 0.00536 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/01 4:0 p.m. | 41 views

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service...

7.4 CVSS | 6.5 AI score | 0.00811 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/01 4:0 p.m. | 41 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

5.3 CVSS | 5.4 AI score | 0.01702 EPSS
Exploits 0 | References 1

Cisco | added 2017/11/01 4:0 p.m. | 41 views

Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability

A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected device does not properl...

4.7 CVSS | 6.2 AI score | 0.00569 EPSS
Exploits 0 | References 1

Cisco | added 2017/10/04 4:0 p.m. | 41 views

Cisco License Manager Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that...

7.5 CVSS | 7.5 AI score | 0.11487 EPSS
Exploits 0 | References 1

Cisco | added 2017/08/02 4:0 p.m. | 41 views

Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...

8.1 CVSS | 9.6 AI score | 0.05476 EPSS
Exploits 0 | References 1

Cisco | added 2017/04/05 4:0 p.m. | 41 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional...

6.5 CVSS | 6.2 AI score | 0.02078 EPSS
Exploits 0 | References 1

Cisco | added 2016/10/19 4:0 p.m. | 41 views

Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an...

7.1 CVSS | 7.6 AI score | 0.01633 EPSS
Exploits 0 | References 1

Cisco | added 2016/10/12 4:0 p.m. | 41 views

Cisco Meeting Server Client Authentication Bypass Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication schem...

6.4 CVSS | 9.4 AI score | 0.02514 EPSS
Exploits 0 | References 1

Cisco | added 2016/07/13 8:55 p.m. | 41 views

Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability

A vulnerability in SNMP configuration management in the Cisco ASR 5000 Series could allow an unauthenticated, remote attacker to read and modify the device configuration using an SNMP read-write community string. The vulnerability occurs because the configured SNMP community string is not...

4 CVSS | 6.7 AI score | 0.01092 EPSS
Exploits 0 | References 1

Cisco | added 2016/03/02 4:0 p.m. | 41 views

Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability

A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability...

7.8 CVSS | 5.4 AI score | 0.01739 EPSS
Exploits 0 | References 1

Cisco | added 2015/08/18 3:47 p.m. | 41 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in the administrator web interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of a targeted device. The vulnerability is due to insufficient inpu...

6 CVSS | 7.3 AI score | 0.02286 EPSS
Exploits 0 | References 1

Cisco | added 2015/06/09 5:1 p.m. | 41 views

Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability

A vulnerability in Cisco Application and Content Networking System (ACNS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of the URL of pages that are not accessible to the end user that could be return...

4.3 CVSS | 5.5 AI score | 0.01546 EPSS
Exploits 0 | References 1

Cisco | added 2015/04/06 5:30 p.m. | 41 views

Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability

A vulnerability in the HTML help system of Cisco Wireless LAN Controller (WLC) devices could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. An unauthenticated, remote attacker who can convince a user of an affected system to follow a malicious link or visit an...

4.3 CVSS | 6.3 AI score | 0.0095 EPSS
Exploits 0 | References 1

Cisco | added 2014/09/24 4:0 p.m. | 41 views

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages...

7.8 CVSS | 6.6 AI score | 0.03313 EPSS
Exploits 0 | References 1

Cisco | added 2014/09/11 5:46 p.m. | 41 views

Cisco TelePresence System MXP Series Software Denial of Service Vulnerability

A vulnerability in Cisco TelePresence System MXP Series Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via Telnet. The vulnerability is due to a memory leak when management flows are created. An attacker...

7.8 CVSS | 6.2 AI score | 0.02751 EPSS
Exploits 0 | References 1

Cisco | added 2014/01/22 7:10 p.m. | 41 views

Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability

A vulnerability in the Wireless Session Protocol (WSP) function of Cisco ASR 5000 Series Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to browse free of charge instead of being redirected to a Top-Up portal. The vulnerability is due to incorrect processing of certai...

5 CVSS | 6.5 AI score | 0.01832 EPSS
Exploits 0 | References 1

Cisco | added 2013/10/08 5:44 p.m. | 41 views

Cisco NX-OS Local Write Redirection Vulnerability

A vulnerability in the command-line interface (CLI) parser of Cisco NX-OS Software could allow an authenticated, local attacker to create files in any location that they have access. The vulnerability is due to improper input filtering of file name input. An attacker could exploit this vulnerabilit...

6.2 CVSS | 2.4 AI score | 0.00422 EPSS
Exploits 0 | References 1

Cisco | added 2013/09/25 4:0 p.m. | 41 views

Cisco IOS Software DHCP Denial of Service Vulnerability

A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability ...

7.8 CVSS | 6.8 AI score | 0.01887 EPSS
Exploits 0 | References 1

Cisco | added 2013/05/30 7:48 p.m. | 41 views

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

A vulnerability in the dorewritelog function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could...

4.3 CVSS | 0.3 AI score | 0.24886 EPSS
Exploits 2 | References 1

Cisco | added 2013/05/29 6:39 p.m. | 41 views

Cisco TelePresence System t-shell Denial of Service Vulnerability

A vulnerability in the t-shell implementation of Cisco TelePresence System Software could allow an authenticated, remote attacker to exhaust the available memory and create a denial of service (DoS) condition. The vulnerability is due to improper handling of orphaned t-shell sessions. An attacker...

6.8 CVSS | 2 AI score | 0.01664 EPSS
Exploits 0 | References 1

Cisco | added 2013/04/24 4:0 p.m. | 41 views

Multiple Vulnerabilities in Cisco Unified Computing System

Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabilities: Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability; Cisco Unified Computing System IPMI Buffer Overflow Vulnerability; Cisco Unified Computing Management API...

10 CVSS | 6.4 AI score | 0.03596 EPSS
Exploits 0 | References 1

Cisco | added 2010/09/22 4:0 p.m. | 41 views

Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS® Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained...

7.1 CVSS | 6.7 AI score | 0.01551 EPSS
Exploits 0 | References 1

Total number of security vulnerabilities: 5000