Cisco Web Security Appliance FTP Authentication Bypass Vulnerability
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the...
Cisco NX-OS System Software Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit thi...
Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...
Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected...
Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. The vulnerability is due to insufficient sanity checks...
Cisco Identity Services Engine GUI Denial of Service Vulnerability
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The...
Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
Two vulnerabilities in the protocol decoders of Snort++ (Snort 3) could allow an unauthenticated, remote attacker to create a Denial of Service (DoS) condition. The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a...
Cisco IOS XR Software Denial of Service Vulnerability
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. The vulnerability ...
Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted...
Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is du...
Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. The vulnerability is due to a lack of proper input validation performed o...
Cisco FirePOWER Malware Protection Bypass Vulnerability
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. The vulnerability is due to out-of-order TCP segments retransmissions out of the current window, which have already been...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. The vulnerability is due to insufficient input validation. An attacker could...
Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages du...
Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability
A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is...
Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious WRF file by using t...
Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected...
Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability
A vulnerability in certificate management and validation for the Mobile and Remote Access (MRA) feature for Cisco Expressway Series and TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to bypass authentication and access internal HTTP system resources. The...
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling...
Cisco Unity Connection User Search Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system's web interface. The vulnerability is due to insufficient input validation of a...
Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code of Cisco Small Business SG300 Managed Switches could allow an unauthenticated, remote attacker to cause the HTTPS process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to...
Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of the Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. This vulnerability applies to all Permane...
Cisco IOS XE Software Packet Processing Denial of Service Vulnerability
Cisco IOS XE Software Release 16.1.1 contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this...
Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
A vulnerability in Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to log in to the system shell with the default cmuser user account and access the shell with a limited set of permissions. The vulnerability is due to an undocumented account that h...
Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability
A vulnerability in one of the diagnostic commands in the Cisco IOS XE operating system for Cisco IOS XE 3S platforms could allow an authenticated, privileged, local attacker to gain restricted root shell access. The root shell is provided for advanced troubleshooting with Cisco Technical Assistan...
Cisco FireSIGHT Management Center Certificate Validation Vulnerability
A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the system. The vulnerability is due to lack of certificate validation durin...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Application Control Engine (ACE) could allow an authenticated, local attacker to elevate privileges to read and alter the content of files that belong to other contexts. The vulnerability is due to insufficient file access controls. An...
Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability
A vulnerability in the GPRS Tunneling Protocol for Version 2 (GTPv2) of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause partial availability of the GTPv2 service. The vulnerability is due to lack of input validation of the incoming GTPv2 packet...
Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability
A vulnerability in the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) packet processing feature of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the MPLS LDP process on the affected device. The vulnerability is due to improper processing of...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine (PRE) to leak a small portion of memory on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability
A vulnerability in the Session Description Protocol (SDP) parser of the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause the Cisco VCS device to become unreachable due to a denial of service (DoS) attack caused by high CPU utilization. The...
Cisco MediaSense Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections on the Cisco MediaSense web interface. An attacker could exploit...
Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability
A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of crafted RADIUS packets by a device running the affected software. An authenticated, remote...
Cisco Web Security Appliance HTTP Proxy Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an...
Cisco Unified Communications Domain Manager Administrative Interface Denial of Service Vulnerability
A vulnerability in Cisco Unified Communication Domain Manager (UCDM) Application Software version 10 could allow an unauthenticated, remote attacker to cause the web server to become unresponsive. As a result, connections to the Cisco UCDM GUI will not be possible during the attack. The vulnerabili...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in the file URI scheme of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit the vulnerability by viewing application URL...
Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to improper sanitization of user input. An exploit could allow the attacker to view the content...
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an...
Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability
A vulnerability in Real Time Monitoring Tool (RTMT) web application of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access several files related to the RTMT application. The vulnerability is due to insufficient authentication enforcement. ...
Cisco Unified Communications Manager WAR File Availability Vulnerability
A vulnerability in the availability of Cisco Unified Communications Manager (UCM) web archive (WAR) files could allow an unauthenticated, remote attacker to access the files. The vulnerability is due to missing authentication requirements on locations that store WAR files. An attacker could exploit...
Cisco ASA VPN Denial of Service Vulnerability
A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to parallel processing of a large number of Interne...