Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this...
Cisco SD-WAN Software Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability
Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker...
Cisco NX-OS Software Call Home Command Injection Vulnerability
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call...
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when t...
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could...
Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...
Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected...
Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition...
Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficien...
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details...
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing...
Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that...
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to...
Cisco Prime Network Registrar Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...
Cisco Prime Network Registrar Denial of Service Vulnerability
A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...
Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
Cisco Digital Network Architecture Center Command Injection Vulnerability
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...
Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...
Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could...
Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...
Cisco Firepower Threat Defense Software Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets...
Cisco Meeting Server Remote Code Execution Vulnerability
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces an...
Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...
Cisco NX-OS Software Python Parser Escape Vulnerability
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of t...
Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...
Cisco Prime LAN Management Solution Session Fixation Vulnerability
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. ...
Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart. The vulnerability is due to insufficient rate-limiting protection...
Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...
Cisco Finesse Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...
Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability
A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted...
Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system. T...
Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulatin...
Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...
Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability
A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. The vulnerability is due to a logic flaw in a corner case scenario. An...
Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability
A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the...
Cisco Identity Services Engine SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit...
Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list...
Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...
Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the...
Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously used. The vulnerability is due to the use of a previously used packet...
Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks ...
Cisco Firepower Management Center Web Interface Code Injection Vulnerability
A vulnerability in the web interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to modify a page in the web interface. The vulnerability is due to improper sanitization of some parameter values. An attacker could exploit this vulnerability by injecting...
Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of...