Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service Vulnerability

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to the improper processing of DHCP messages. An...

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive...

Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

Cisco Nexus Dashboard Arbitrary File Write Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator...

Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in the web engine of Cisco Telepresence CE Software and RoomOS Software could allow a remote attacker to cause a denial of service DoS condition, redirect users to an attacker controlled destination or view sensitive data on an affected device. For more information about...

Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...

Cisco IOS XE Software Web UI API Injection Vulnerability

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...

Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP and Cisco Unified Contact Center Domain Manager Unified CCDM could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due t...

Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an attacker to execute a cross-site scripting XSS attack or an open redirect attack. For more information about these vulnerabilities, see the Details "details" section of...

Cisco IoT Field Network Director Improper Domain Access Control Vulnerability

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this...

Cisco SD-WAN Software Arbitrary File Creation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service DoS condition. The vulnerability is due to insufficient input validation for specific commands. ...

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service DoS condition on an affected device. The vulnerability is due to incorrect processin...

Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the...

Cisco IOS XE Software Web UI Improper Input Validation Vulnerability

A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering...

Cisco SD-WAN Solution Software Denial of Service Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit...

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system OS to conduct a command injection attack during device boot. This vulnerability is due to insufficien...

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-suppli...

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance OVA. An attacker could exploit...

Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...

Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability

A vulnerability in the 802.11 Generic Advertisement Service GAS frame processing function of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS. The vulnerability is due to incomple...

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...

Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol BGP Ethernet VPN EVPN functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerabilities are due to incorrect processing of BGP update...

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected...

Cisco HyperFlex World-Readable Sensitive Information Vulnerability

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability

A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending...

Cisco Meeting Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...

Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...

Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution Vulnerability

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could...

Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor L4TM functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...

Cisco Security Manager DesktopServlet Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...

Cisco Web Security Appliance FTP Authentication Bypass Vulnerability

A vulnerability in the FTP server of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...

Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Policy and Charging Rules Function PCRF of the Cisco Policy Suite CPS could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access ...

Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

Cisco IP Phone 8800 Series Denial of Service Vulnerability

A vulnerability in Session Initiation Protocol SIP call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process...

Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient...

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this...

Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

A vulnerability in the web-based GUI of Cisco Wide Area Application Services WAAS Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...

Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a reflective cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection ...

Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of...

Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities

Two vulnerabilities in the protocol decoders of Snort++ Snort 3 could allow an unauthenticated, remote attacker to create a Denial of Service DoS condition. The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a...

Cisco ASA Software IPsec Denial of Service Vulnerability

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...

Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted...

Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability

A vulnerability in the Autonomic Networking Infrastructure ANI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incomplete input validation on certain crafted packets. An...

Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability

A vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user...

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...