5226 matches found
Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The vulnerability is due...
Cisco Directory Connector Search Order Hijacking Vulnerability
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their...
Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability
A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...
Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...
Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...
Cisco Webex Player WRF Files Denial of Service Vulnerability
A vulnerability in the Cisco Webex Player for Webex Recording Format WRF files could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a malicious WRF file and...
Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
Cisco IOS XE Software REST API Authorization Bypass Vulnerability
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Policy Suite RADIUS Authentication Bypass Vulnerability
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user...
Cisco NX-OS System Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability
A vulnerability in the Operations, Administration, Maintenance, and Provisioning OAMP credential reset functionality for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation...
Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability
A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...
Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
A vulnerability in SNMP polling for the Cisco Web Security Appliance WSA, Email Security Appliance ESA, and Content Security Management Appliance SMA could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...
Cisco Finesse Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...
Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery CSRF attacks. An attacker could exploit this...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web application interface of the Cisco Identity Services Engine ISE portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service DoS condition. The vulnerability is du...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against an administrative user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing...
Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 IKEv2 feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit...
Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability
A vulnerability in the Cisco application-hosting framework CAF of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability...
Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router ASR 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit NPU process. The vulnerability is due to lack of proper input...
Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Management Security Appliance SMA could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...
Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
A vulnerability in the Session Description Protocol SDP parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media...
Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is du...
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to the failure to properly sanitize user input passed to the...
Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability
A vulnerability in Cisco Configuration Assistant CCA could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication. The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability
A vulnerability in the Clam AntiVirus ClamAV software that is used by Cisco Advance Malware Protection AMP for Cisco Email Security Appliances ESAs and Cisco Web Security Appliances WSAs could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due ...
Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance ASA 5585-X FirePOWER Security Services Processor SSP module could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high consumption of...
Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability
A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service DoS condition. The vulnerability is due to improper packet...
Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
A vulnerability in the Locator/ID Separation Protocol LISP of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an...
Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability
A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page. The vulnerability is due to verbose output returned when HTML files are retrieved...
Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
A vulnerability in Open Shortest Path First OSPF Link State Advertisement LSA handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the number of OSPF Path Computation Elements PCEs that are...
Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability
A vulnerability in Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the version of Cisco FirePOWER Management Center software that is running on an affected system. An attacker could use this information to conduct reconnaissance attack...
Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery CSRF protections. An attacker could exploit this vulnerability by persuading a user of...
Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability
A vulnerability in the WeChat page of Cisco Social Miner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of the...
Cisco Unified Border Element Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP functionality of Cisco Unified Border Element CUBE could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...
Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploi...
Cisco Prime Renegotiation Request Denial of Service Vulnerability
A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...
Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
A vulnerability in the Secure Shell SSH feature of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to cause a partial denial of service DoS condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...
Cisco Application Policy Infrastructure Controller Access Control Vulnerability
A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller APIC and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper...
Cisco IP Phone 7861 Denial of Service Vulnerability
A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...
Cisco Access Control Server File Inclusion Vulnerability
A vulnerability in Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...
Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers ASR could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only...
Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
A vulnerability within the virtual routing and forwarding VRF subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 ICMPv4 messages received on ...
Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability
A vulnerability in Cisco Enterprise Content Delivery System ECDS could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...