Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 DPC2 could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service DoS condition. The vulnerability i...

Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability

The Cisco Unified Communications Manager CUCM may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. Protection mechanisms should be used to prevent this type of attack. The vulnerability is due to a lack of proper...

Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability

A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is...

Cisco IOS XR Software Command Injection Vulnerability

A vulnerability in the command-line utility of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this...

Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly...

Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability

A vulnerability in packet processing functions of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause cyclic redundancy check CRC and symbol errors on the receiving interface of an affected device, which may...

Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP and Secure FTP SFTP modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service DoS condition. The vulnerability is due to improper setting of permissions on the filesystem f...

Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability

A vulnerability in the DHCP version 6 DHCPv6 relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this...

Cisco Cloud Services Router 1000V Command Injection Vulnerability

A vulnerability in the event manager environment and publish-event function of the Cisco Cloud Services Router 1000V Series could allow an authenticated, local attacker to perform a command injection attack with root-level privileges. The vulnerability is due to a lack of proper input validation ...

Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange IKE version 1 v1 code of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key...

Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability

A vulnerability in the process management code of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker...

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Cisco TelePresence TC and TE Software contains the following vulnerabilities: Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability Successful exploitation of the Cisco TelePresence TC and TE...

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers ASR, Cisco 4400 Series Integrated Services Routers ISR, and Cisco Cloud Services Routers CSR 1000v Series contains the following vulnerabilities: Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability...

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

The Cisco IOS Software implementation of the Common Industrial Protocol CIP feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition: Cisco IOS Software UDP CIP Denial of...

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 DHCPv6 server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker coul...

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the web interface of Cisco ONS15454 controller cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to incorrect parsing of the HTTP URI. An attacker could exploit this vulnerability by sending specific HTTP requests...

Cisco Unified Communications Manager Java Class File Availability Vulnerability

A vulnerability in the administration interface of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to access Java class files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by...

Multiple Vulnerabilities in Cisco Firewall Services Module Software

Cisco Firewall Services Module FWSM Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: Cisco FWSM Command Authorization Vulnerability SQLNet Inspection Engine Denial of Service Vulnerability These vulnerabilities are...

Cisco IOS Software Network Address Translation Vulnerabilities

The Cisco IOS Software network address translation NAT feature contains multiple denial of service DoS vulnerabilities in the translation of the following protocols: NetMeeting Directory Lightweight Directory Access Protocol, LDAP Session Initiation Protocol. Multiple vulnerabilities H.323 protoc...

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Session Initiation Protocol SIP implementation in Cisco IOS® Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Cisco has released software updates that address these...

Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System IPS rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker coul...

Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities

Multiple vulnerabilities in the IP access control list ACL processing in the ingress direction on MPLS and Pseudowire PW interfaces of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. For more information about these vulnerabilities, see the Detail...

Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities

Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks, which could allow the attacker to perform arbitrary actions on an affected device. Note: Cisco Expressway Series refers to Cisco Expressway...

Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability

A vulnerability in the Multicast Leaf Recycle Elimination mLRE feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service DoS condition. This...

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web-based management interface of an affected...

Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cis...

Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of...

Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user ...

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validati...

Cisco SD-WAN Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a...

Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient error validation. An attacker coul...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly...

Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability

May 12, 2022 Update: The information in the Cisco Software Checker "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x" was not complete when this advisory was first published. Customers should use the form in the Fixed Software "fs" section of this advisory to get the latest...

Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

Cisco Policy Suite Static SSH Keys Vulnerability

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to perform a denial of service DoS attack against an affected device. This vulnerability is due to insufficient input validation of...

Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability

A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of certa...

Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast PIM feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to insufficient file permission...

Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability

A vulnerability in the Secure FTP SFTP of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based...

Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability

A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service DoS condition. The vulnerability is due to improper error handling on...

Cisco Firepower Threat Defense Software Hidden Commands Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific...

Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger...

Cisco IOS XE Software Web UI Remote Code Execution Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker cou...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability

A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service DoS condition. The...