
5223 matches found

Cisco, added 2018/05/16 4:0 p.m., 36 views

Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...

CVSS: 4.2, AI score: 2.7, EPSS: 0.00684
Exploits: 0, References: 1

Cisco, added 2018/05/02 4:0 p.m., 36 views

Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachme...

CVSS: 9.6, AI score: 9.6, EPSS: 0.03247
Exploits: 0, References: 1

Cisco, added 2018/04/18 4:0 p.m., 36 views

Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection AMP for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...

CVSS: 5.8, AI score: 1.4, EPSS: 0.01221
Exploits: 0, References: 1

Cisco, added 2018/03/28 4:0 p.m., 36 views

Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN ISM-VPN running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of VPN traffi...

CVSS: 8.6, AI score: 2.3, EPSS: 0.07074
Exploits: 0, References: 1

Cisco, added 2018/03/07 4:0 p.m., 36 views

Cisco Secure Access Control Server XML External Entity Injection Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities XXEs when parsing an...

CVSS: 5.3, AI score: 1.4, EPSS: 0.01526
Exploits: 0, References: 1

Cisco, added 2018/02/07 4:0 p.m., 36 views

Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...

CVSS: 5.8, AI score: 5.5, EPSS: 0.01185
Exploits: 0, References: 1

Cisco, added 2017/11/29 4:0 p.m., 36 views

Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVSS: 4.4, AI score: 4.6, EPSS: 0.00325
Exploits: 0, References: 1

Cisco, added 2017/10/18 4:0 p.m., 36 views

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol SIP functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service DoS...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02297
Exploits: 0, References: 1

Cisco, added 2017/09/27 4:0 p.m., 36 views

Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability

A vulnerability in the Virtual Private LAN Service VPLS code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service DoS condition. The...

CVSS: 7.4, AI score: 6.6, EPSS: 0.02034
Exploits: 0, References: 1

Cisco, added 2017/09/06 4:0 p.m., 36 views

Cisco Emergency Responder Blind SQL Injection Vulnerability

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00968
Exploits: 0, References: 1

Cisco, added 2017/08/16 4:0 p.m., 36 views

Cisco Prime Infrastructure HTML Injection Vulnerability

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00891
Exploits: 0, References: 1

Cisco, added 2017/07/05 4:0 p.m., 36 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based application interface of the Cisco Identity Services Engine ISE portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0128
Exploits: 0, References: 1

Cisco, added 2017/07/05 4:0 p.m., 36 views

Cisco Ultra Services Framework UAS Unauthenticated Access Vulnerability

A vulnerability in the Ultra Automation Service UAS of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the...

CVSS: 9.1, AI score: 9.4, EPSS: 0.01555
Exploits: 0, References: 1

Cisco, added 2017/05/17 4:0 p.m., 36 views

Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this...

CVSS: 5.8, AI score: 7.5, EPSS: 0.02139
Exploits: 0, References: 1

Cisco, added 2017/04/19 4:0 p.m., 36 views

Cisco FindIT Network Probe Information Disclosure Vulnerability

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control RB...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01738
Exploits: 0, References: 1

Cisco, added 2017/02/01 4:0 p.m., 36 views

Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

CVSS: 5.8, AI score: 5.7, EPSS: 0.02239
Exploits: 0, References: 1

Cisco, added 2017/01/18 4:0 p.m., 36 views

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed I...

CVSS: 5.3, AI score: 5.3, EPSS: 0.02943
Exploits: 0, References: 1

Cisco, added 2016/12/07 4:0 p.m., 36 views

Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability

A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. The vulnerability is due to a specific TCP port listening on the local management port when it...

CVSS: 5, AI score: 7.6, EPSS: 0.0348
Exploits: 0, References: 1

Cisco, added 2016/11/16 4:0 p.m., 36 views

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service DoS condition. The vulnerability is due to...

CVSS: 5, AI score: 7.5, EPSS: 0.02585
Exploits: 0, References: 1

Cisco, added 2016/11/16 4:0 p.m., 36 views

Cisco ASA Input Validation File Injection Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. The vulnerability is due to improper user input validation. An attacker could exploit th...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01791
Exploits: 0, References: 1

Cisco, added 2016/11/02 4:0 p.m., 36 views

Cisco TelePresence Endpoints Local Command Injection Vulnerability

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. The vulnerability is due to incomplete input sanitization of some commands. An attacker could exploit this...

CVSS: 4.6, AI score: 6, EPSS: 0.00739
Exploits: 0, References: 1

Cisco, added 2016/10/12 4:0 p.m., 36 views

Cisco Finesse Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS: 4.3, AI score: 8.9, EPSS: 0.00927
Exploits: 0, References: 1

Cisco, added 2016/09/07 4:0 p.m., 36 views

Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...

CVSS: 5, AI score: 5.3, EPSS: 0.01244
Exploits: 0, References: 1

Cisco, added 2016/08/17 4:0 p.m., 36 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation for some of t...

CVSS: 4.3, AI score: 6.1, EPSS: 0.0085
Exploits: 0, References: 1

Cisco, added 2016/06/30 5:30 p.m., 36 views

Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability

A vulnerability in Cisco Configuration Assistant CCA could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication. The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could...

CVSS: 5.8, AI score: 8.4, EPSS: 0.0112
Exploits: 0, References: 1

Cisco, added 2016/05/31 10:30 a.m., 36 views

Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability

A vulnerability in the Clam AntiVirus ClamAV software that is used by Cisco Advance Malware Protection AMP for Cisco Email Security Appliances ESAs and Cisco Web Security Appliances WSAs could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due ...

CVSS: 5, AI score: 7.3, EPSS: 0.0296
Exploits: 0, References: 1

Cisco, added 2016/02/15 2:0 p.m., 36 views

Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability

A vulnerability in the processing of Cisco Discovery Protocol CDP packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted CD...

CVSS: 6.1, AI score: 6.4, EPSS: 0.0073
Exploits: 0, References: 1

Cisco, added 2016/01/15 10:23 p.m., 36 views

Cisco Adaptive Security Appliance Information Disclosure Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance. The vulnerability occurs because the Cisco ASA does not sufficiently protect...

CVSS: 5, AI score: 5.3, EPSS: 0.01961
Exploits: 0, References: 1

Cisco, added 2015/12/10 8:0 a.m., 36 views

Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability

A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote attacker to put files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a...

CVSS: 4, AI score: 6.7, EPSS: 0.02309
Exploits: 0, References: 1

Cisco, added 2015/12/08 12:0 a.m., 36 views

Cisco Wireless Residential Unauthorized Command Vulnerability

A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device. The vulnerability is due to lack of authentication...

CVSS: 6.4, AI score: 7.9, EPSS: 0.08008
Exploits: 4, References: 1

Cisco, added 2015/11/17 9:46 p.m., 36 views

Cisco Firepower 9000 Series Switch Clickjacking Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...

CVSS: 5, AI score: 6.6, EPSS: 0.00838
Exploits: 0, References: 1

Cisco, added 2015/11/02 10:0 a.m., 36 views

Cisco Unified Computing System Blade Server Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Unified Computing System UCS Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...

CVSS: 5, AI score: 6.2, EPSS: 0.01693
Exploits: 0, References: 1

Cisco, added 2015/10/26 10:0 a.m., 36 views

Cisco Unified Border Element Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP functionality of Cisco Unified Border Element CUBE could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...

CVSS: 5, AI score: 6.7, EPSS: 0.01966
Exploits: 0, References: 1

Cisco, added 2015/10/05 8:30 p.m., 36 views

Cisco IOS Software RADIUS Client Denial of Service Vulnerability

A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this...

CVSS: 6.3, AI score: 6.5, EPSS: 0.01048
Exploits: 0, References: 1

Cisco, added 2015/09/23 4:0 p.m., 36 views

Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability

A vulnerability in the SSH version 2 SSHv2 protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...

CVSS: 9.3, AI score: 6.7, EPSS: 0.04388
Exploits: 0, References: 1

Cisco, added 2015/06/10 7:29 p.m., 36 views

Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability

A vulnerability in the Message of the Day MOTD or banner functionality of the NX-OS Software could allow an unauthenticated, remote attacker to cause the login process to reset. The vulnerability is due to the MOTD display handling when a certain type of terminal session is requested via Telnet...

CVSS: 5, AI score: 6.7, EPSS: 0.02962
Exploits: 0, References: 1

Cisco, added 2015/05/26 6:46 p.m., 36 views

Cisco IP Phone 7861 Denial of Service Vulnerability

A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...

CVSS: 5.4, AI score: 6.4, EPSS: 0.01936
Exploits: 0, References: 1

Cisco, added 2015/05/14 3:56 p.m., 36 views

Cisco Access Control Server File Inclusion Vulnerability

A vulnerability in Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...

CVSS: 4.3, AI score: 7, EPSS: 0.0111
Exploits: 0, References: 1

Cisco, added 2015/04/01 4:0 p.m., 36 views

Multiple Vulnerabilities in Cisco Unity Connection

Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol SIP trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP...

CVSS: 7.1, AI score: 6.5
Exploits: 0, References: 1

Cisco, added 2015/03/25 4:0 p.m., 36 views

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

A vulnerability within the virtual routing and forwarding VRF subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 ICMPv4 messages received on ...

CVSS: 7.8, AI score: 6.7, EPSS: 0.01694
Exploits: 0, References: 1

Cisco, added 2014/11/05 8:22 p.m., 36 views

Cisco Unity Connection Information Disclosure Vulnerability

A vulnerability in the Unified Messaging Service UMS of Cisco Unity Connection, could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to the inclusion of sensitive information in the logs. An attacker could exploit this vulnerability by viewing th...

CVSS: 6.8, AI score: 6, EPSS: 0.01638
Exploits: 0, References: 1

Cisco, added 2014/10/08 4:22 p.m., 36 views

Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability

A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting XSS, and other types of...

CVSS: 4.3, AI score: 6, EPSS: 0.01995
Exploits: 0, References: 1

Cisco, added 2014/01/27 2:20 p.m., 36 views

Cisco Secure ACS Portal Session Management Vulnerability

A vulnerability in the portal interface of Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to access the portal with the access capabilities of another user. The vulnerability is due to insufficient session management in the portal. An attacker could exploit...

CVSS: 5.5, AI score: 6.2, EPSS: 0.01426
Exploits: 0, References: 1

Cisco, added 2014/01/23 4:44 p.m., 36 views

Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server VCS Expressway could allow an unauthenticated, remote attacker to execute a man-in-the-middle MITM attack between one or more affected devices. The vulnerability occurs because the same default SSL certificate is used across all...

CVSS: 6.4, AI score: 6.1, EPSS: 0.01603
Exploits: 0, References: 1

Cisco, added 2014/01/22 4:0 p.m., 36 views

Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel D-channel, causing all calls to be terminated and preventing users from making new calls. Cisco has released software updates that address this...

CVSS: 7.1, AI score: 6.4, EPSS: 0.01949
Exploits: 0, References: 1

Cisco, added 2014/01/10 4:0 p.m., 36 views

Undocumented Test Interface in Cisco Small Business Devices

A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Note: Additional research...

CVSS: 10, AI score: 7, EPSS: 0.73825
Exploits: 3, References: 1

Cisco, added 2013/06/26 4:0 p.m., 36 views

Multiple Vulnerabilities in Cisco Web Security Appliance

Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities: Two authenticated command injection vulnerabilities Management GUI Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one ...

CVSS: 9, AI score: 7.7, EPSS: 0.0353
Exploits: 1, References: 1

Cisco, added 2013/05/07 8:20 p.m., 36 views

Cisco ISM Malformed Authentication Header Packet Denial of Service Vulnerability

A vulnerability in authentication header packets processing on the Cisco ISM module for ISR G2 could allow an authenticated, remote attacker to cause a reload of the affected module. The vulnerability is due to improper processing of malformed authentication header packets. An attacker could...

CVSS: 6.3, AI score: 2.2, EPSS: 0.01456
Exploits: 0, References: 1

Cisco, added 2013/03/27 4:0 p.m., 36 views

Cisco IOS Software Network Address Translation Vulnerability

The Cisco IOS Software implementation of the virtual routing and forwarding VRF aware network address translation NAT feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Cisco has released...

CVSS: 7.8, AI score: 6.8, EPSS: 0.01057
Exploits: 0, References: 1

Cisco, added 2012/03/14 4:0 p.m., 36 views

Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVSS: 9.3, AI score: 6, EPSS: 0.06181
Exploits: 0, References: 1

Total number of security vulnerabilities: 5000