5226 matches found
Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability
A vulnerability in a command-line interface CLI utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
A vulnerability in the IP Version 6 IPv6 packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service DoS condition on the device. The vulnerability is due to...
Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller WLC devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to the...
Cisco Firepower Malware Block Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. A...
Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting XSS attack against a user of the Cisco FireSIGHT Management Center web interface. The vulnerabilities are due to improper...
Cisco Videoscape Distribution Suite Service Manager Unauthorized Access Vulnerability
A vulnerability in the role-based access control RBAC for certain users of the Cisco Videoscape Distribution Suite Service Manager VDS-SM could allow an authenticated, remote attacker read and write access to an internal database that contains sensitive information. The vulnerability is due to la...
Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco IOS XE 3S Platforms Series root Shell License Bypass Vulnerability
A vulnerability in one of the diagnostic commands in the Cisco IOS XE operating system for Cisco IOS XE 3S platforms could allow an authenticated, privileged, local attacker to gain restricted root shell access. The root shell is provided for advanced troubleshooting with Cisco Technical Assistan...
Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability
A vulnerability in the Management I/O MIO command-line interface CLI command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level. The vulnerability is due to insufficient...
Cisco Web Security Appliance Range Request Denial of Service Vulnerability
A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an appliance because the appliance runs out of system memory. The vulnerability is due to a...
Cisco Prime Collaboration Assurance SQL Injection Vulnerability
A vulnerability in web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerabilit...
Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
Cisco Hosted Collaboration Solution Cross-Site Scripting Vulnerability
A vulnerability in Cisco Hosted Collaboration Solution could allow an unauthenticated, remote attacker to perform cross-site scripting XSS attacks. The vulnerability is due to insufficient validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to...
Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability
A vulnerability in PPP over Ethernet PPPoE processing on Cisco IOS XE for Cisco 1000 Series ASR routers could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed PPPoE Active Discovery Request PADR...
Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability
A vulnerability in proxy mobile PM IPv6 processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the hamgr service on the affected device. The vulnerability is due to improper processing of malformed IPv6 PM packets. An...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response IVR interface of Cisco Unified Communications Manager UCM could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...
Cisco NX-OS Software DHCP Options Command Injection Vulnerability
A vulnerability in DHCP code used with PowerOn Auto Provisioning POAP of Cisco NX-OS could allow an unauthenticated, adjacent attacker to inject arbitrary commands into the Cisco NX-OS device. The vulnerability is due to insufficient input validation of the DHCP options returned as a result of...
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
A vulnerability in the Measurement, Aggregation, and Correlation Engine MACE feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...
Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe...
Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability
A vulnerability in the periodic backup functionality of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to discover the password used to encrypt the backup on the system. The vulnerability is due to improper processing of certain client requests by the affected...
Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability
A vulnerability in Subject header length processing on Cisco IronPort Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a limited denial of service DoS condition on an affected platform. The vulnerability occurs because the appliance does not limit the length o...
Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: Cisco RV Series Routers Command Injection Vulnerability Cisco RV Series Routers HT...
Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless BAC-TW could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...
Cisco IOS Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacke...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller WLC product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability Cisco Wireless LAN Controller IGMP Version 3...
Cisco Wireless LAN Controller Buffer Overread Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points CAPWAP protocol of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient data packet validation. An attack...
Cisco Unity Connection Directory Traversal Vulnerability
A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service VMWS, could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...
Multiple Vulnerabilities in Cisco Intrusion Prevention System Software
Cisco Intrusion Prevention System IPS Software is affected by the following vulnerabilities: Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability Cisco IPS NME Malformed IP Packets Denial of Service...
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released software updates that address...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities: Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL...
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: DCERPC Inspection Buffer Overflow Vulnerability DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are not...
Cisco AnyConnect Secure Mobility Client Man-in-the-Middle Attack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability is due insufficient validation of certificates to be accepted by end users. An unauthenticated, remote attacker can exploit...
Cisco AnyConnect Secure Mobility Client Software Downgrade Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to replace software components. The vulnerability is due to improper sanitization of user-supplied input by the affected software's download feature. An unauthenticated, remote...
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA and Cisco Catalyst 6500 Series ASA Services Module Cisco ASASM contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released software updates that address this...
Cisco Digital Media Manager Privilege Escalation Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Oracle Outside In Technology File Processing Arbitrary Code Execution Vulnerability
Oracle Outside In Technology components used by the Oracle Fusion Middleware applications contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to incorrect processing of Lotus 1-2-3 spreadsheet...
Cisco IPsec VPN Implementation Group Name Enumeration Information Disclosure Vulnerability
Multiple Cisco VPN devices contain a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability exists due to unsafe handling of error response codes. An unauthenticated, remote attacker could exploit this vulnerability by sending...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager CTL Provider Heap Overflow
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
LDAP and VPN Vulnerabilities in PIX and ASA Appliances
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Contact Center and IP Contact Center JTapi Gateway Denial of Service Vulnerability
Cisco Unified Contact Center and Cisco IP Contact Center versions 5.0, 6.0, 7.0, and 7.1 contain a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to insufficient handling of unexpected connections. An...
OpenSSL RSA Signature Forgery Vulnerability
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards...
Internet Key Exchange Protocol Version 1 Denial of Service Vulnerability
Multiple products contain a vulnerability in the implementation of the Internet Key Exchange IKE version 1 protocol. IKE is typically used for key exchange in IPSec, and IPSec is commonly used to encrypt data for VPN connections. The vulnerability affects IKE Phase 1 negotiations in both Main Mod...
Crafted Packet Causes Reload on Cisco Routers
...
Malformed SNMP Message-Handling Vulnerabilities
...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities
Multiple vulnerabilities in Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause a denial of service DoS condition, gain unauthorized access, or view sensitive information on an affected system. For more information about these vulnerabilities, see the Details "details...
Cisco Access Point Software Secure Boot Bypass Vulnerability
A vulnerability in the boot process of Cisco Access Point AP Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the...