Cisco Adaptive Security Appliance Software WebVPN Information Disclosure Vulnerability
A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to view sensitive information from the affected system. The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this...
Cisco IOS Software and Cisco IOS XE Software IKE Main Mode Vulnerability
A vulnerability in the Internet Key Exchange (IKE) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to delete established security associations on an affected device. The vulnerability is due to improper handling of rogue IKE Main Mode packets. ...
Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks (models RSP720-3C-10GE and RSP720-3CXL-10GE) could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue i...
Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability
A vulnerability in the NetBIOS logout probe feature of the Identity Firewall (IDFW) feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to impact the authorization status of users authorized via this feature. The vulnerability is due to insufficient...
Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability
A vulnerability in the Collaboration Partner Access Console (CPAC) of Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. The vulnerability is due to improperly securing the KVM virtual media traffic between the server and the client. An attacker...
Cisco IOS Software OSPF Opaque LSA Denial of Service Vulnerability
A vulnerability in the OSPF implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of certain options in OSPF link-state advertisement (LSA) type 11...
Cisco Prime Central for HCS Portal Credentials Access Vulnerability
A vulnerability in Cisco Prime Central for HCS portal could allow an authenticated, local attacker to retrieve the credentials for accounts. The vulnerability is due to plaintext logging of credentials to temporary files with inadequate permissions. An attacker could exploit this vulnerability by...
Cisco SocialMiner Cross-Site Scripting Vulnerability
A vulnerability in the bookmarklet.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of th...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities: Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability; Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability. Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released software updates that address...
Cisco AnyConnect Secure Mobility Client Man-in-the-Middle Attack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability is due to insufficient validation of certificates to be accepted by end users. An unauthenticated, remote attacker can exploit...
Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
Cisco TelePresence Video Communication Servers running software versions prior to X7.0.1 contain vulnerabilities that could allow an attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate...
Cisco Nexus OS Software Command Injection Vulnerability
Cisco Nexus OS contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands on a targeted device. The vulnerability is due to improper sanitization of user-supplied values to command line interface commands. An authenticated, local attacker could exploi...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affect...
Cisco IPsec VPN Implementation Group Name Enumeration Information Disclosure Vulnerability
Multiple Cisco VPN devices contain a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability exists due to unsafe handling of error response codes. An unauthenticated, remote attacker could exploit this vulnerability by sending...
Vulnerabilities in Cisco Unified Contact Center Express
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Sudo sudoedit Local Command Privilege Escalation Vulnerability
Sudo contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability exists due to an error in the affected software while matching commands due to incorrect path resolution. A local attacker with privileges to...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
OpenSSL RSA Signature Forgery Vulnerability
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards...
Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the...
Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) or HTML injection attacks. For more information about these vulnerabilities, see the Details...
Cisco Identity Services Engine Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected...
Cisco Webex Meetings Web UI Vulnerabilities
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of...
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...
Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...
Cisco NX-OS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An...
Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
Cisco Industrial Network Director Vulnerabilities
Multiple vulnerabilities in Cisco Industrial Network Director (IND) could allow an attacker to access sensitive data or conduct cross-site scripting (XSS) attacks. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive...
Cisco Nexus Dashboard Arbitrary File Write Vulnerability
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator...
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in the web engine of Cisco Telepresence CE Software and RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, redirect users to an attacker-controlled destination, or view sensitive data on an affected device. For more information about...
Cisco IOS XE Software Web UI API Injection Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due t...
Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit...
Cisco Webex Video Mesh Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...
Cisco SD-WAN Software Arbitrary File Creation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. ...
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is...
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processin...
Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending...
Cisco SD-WAN Solution Software Denial of Service Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit...
Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability
A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of...