Cisco Tetration Analytics Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...
Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...
Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of servic...
Cisco Policy Suite World-Readable Sensitive Data Vulnerability
A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions. An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow t...
Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...
Cisco UCS Central Arbitrary Command Execution Vulnerability
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...
Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. ...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to...
Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper...
Cisco Yes Set-Top Box Denial of Service Vulnerability
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected...
Cisco SocialMiner XML External Entity Injection Vulnerability
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML fil...
Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability ...
Cisco Ultra Services Framework AutoVNF Arbitrary Direction Creation Vulnerability
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. The vulnerability is due to insufficient checks when creating directories on the system. An attacker could...
Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges...
Cisco Prime Infrastructure API Credentials Management Vulnerability
A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control (RBAC) for...
Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is du...
Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. The vulnerability is due to lack of proper input...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web...
Cisco Firepower Management Center Console Authentication Bypass Vulnerability
A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, local attacker to bypass authentication and access sensitive information. The vulnerability is due to the use of static credentials by the database on an affected system. An authenticated user wh...
Cisco IOS XR Software for NCS 6000 Series Devices OSPF Packet Processing Denial of Service Vulnerability
A vulnerability in the OSPFv3 processing of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 6000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the OSPFv3 process and result in a limited denial of service (DoS) condition on an affected device. The...
Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is du...
Cisco Videoscape Session Resource Manager Denial of Service Vulnerability
A vulnerability in system resource management in the Cisco Videoscape Session Resource Manager (VSRM) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the device unexpectedly restarts. The vulnerability occurs because the VSRM is not installed usi...
Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability
A vulnerability in the virtual network stack of the Cisco AMP Threat Grid Appliance could allow an unauthenticated, remote attacker to access internal interfaces within the appliance. The vulnerability is due to insufficient isolation between the sandbox and other internal components. An attacker...
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly...
Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the...
Multiple Cisco Products libSRTP Denial of Service Vulnerability
Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library. The vulnerability is in the encryption processing subsystem of...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability
A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page. The vulnerability is due to verbose output returned when HTML files are retrieved...
Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code of Cisco Small Business SG300 Managed Switches could allow an unauthenticated, remote attacker to cause the HTTPS process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to...
Cisco Web Security Appliance Security Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an imprope...
Cisco Videoscape Distribution Suite Service Manager Unauthorized Access Vulnerability
A vulnerability in the role-based access control (RBAC) for certain users of the Cisco Videoscape Distribution Suite Service Manager (VDS-SM) could allow an authenticated, remote attacker read and write access to an internal database that contains sensitive information. The vulnerability is due to la...
Cisco Cloud Services Router 1000V Command Injection Vulnerability
A vulnerability in the event manager environment and publish-event function of the Cisco Cloud Services Router 1000V Series could allow an authenticated, local attacker to perform a command injection attack with root-level privileges. The vulnerability is due to a lack of proper input validation ...
Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Firepower 9000 devices could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...
Cisco Web Security Appliance Range Request Denial of Service Vulnerability
A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability is due to a...
Cisco Videoscape Policy Resource Manager Denial of Service Vulnerability
A vulnerability in the TCP module of the Cisco Videoscape Policy Resource Manager (PRM) product could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage. The vulnerability is due to a lack of rate limiting in the TCP listening application. A...
Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities
Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges. The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is...
Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability
A vulnerability in the processing of IP Detail Record (IPDR) packets on Cisco uBR10000 devices could allow an unauthenticated, remote attacker to gather a limited amount of IPDR data from the affected device. The vulnerability is due to the inability of Cisco Cable Modem Termination Systems (CMTS) to...
Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability
A vulnerability in the Session Description Protocol (SDP) parser of the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause the Cisco VCS device to become unreachable due to a denial of service (DoS) attack caused by high CPU utilization. The...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...
Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability
A vulnerability in the periodic backup functionality of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to discover the password used to encrypt the backup on the system. The vulnerability is due to improper processing of certain client requests by the affected...
Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability
A vulnerability in Subject header length processing on Cisco IronPort Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability occurs because the appliance does not limit the length o...
Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability
A vulnerability in Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...
Cisco IOS Software DLSw Information Disclosure Vulnerability
A vulnerability in the DLSw feature of Cisco IOS could allow an unauthenticated, remote attacker to extract information from previously processed packets. The vulnerability is due to the lack of initialization of packet buffers. An attacker could exploit this vulnerability by connecting to the DL...
Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: Cisco RV Series Routers Command Injection Vulnerability Cisco RV Series Routers HT...
Cisco Adaptive Security Appliance Software WebVPN Information Disclosure Vulnerability
A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to view sensitive information from the affected system. The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this...