Cisco Headend System Releases Denial of Service Vulnerability

A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...

Cisco WebEx Meetings Meeting Access Number Vulnerability

A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to discover the meeting access number. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by accessing the web page containing meeting...

Cisco Edge 340 Privilege Escalation Vulnerability

A vulnerability in the system configuration of Cisco Edge 340 could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by logging in to the...

Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities

Multiple vulnerabilities in the administrative web interface of the Cisco FireSIGHT Management Center could allow an attacker to conduct both cross-site scripting XSS and also arbitrary HTML command injection attacks. These vulnerabilities are due to improper user input validation. An attacker...

Cisco Finesse XML Processing Denial of Service Vulnerability

A vulnerability in Cisco Finesse could allow an authenticated, remote attacker to gain access to sensitive information or cause a denial of service DoS condition. The vulnerability is due to improper processing of XML files by an affected device. An authenticated, remote attacker could exploit th...

Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure

The Autonomic Networking Infrastructure ANI feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or gain limited command and control of the device. Autonomic Networking...

Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller IMC of Cisco Unified Computing System UCS C-Series Servers could allow an unauthenticated, adjacent attacker to access specific controls on the Cisco IMC on an affected device. The vulnerability is due to insufficient input validation...

Cisco ASA Challenge-Response Tunnel Group Selection Bypass Vulnerability

A vulnerability in the authentication code of Cisco ASA Software could allow an authenticated, remote attacker to access resources of a VPN tunnel group. The vulnerability is due to improper implementation of the tunnel group selection when a user authenticates to the remote access VPN via the...

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several paramete...

Cisco Secure Access Control Server Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Secure Access Control Server ACS could allow an unauthenticated, remote attacker to conduct a web page open redirection attack against a user's browser. The vulnerability is due to insufficient input validation of a specific parameter. An attacker cou...

Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

A vulnerability in the Smart Call Home SCH feature of Cisco ASA Software could allow an unauthenticated, remote attacker to bypass digital certificate validation if any feature that uses digital certificates is configured on the affected system. The vulnerability exists because when SCH is...

Cisco IOS XR Software Malformed SNMPv2 Packet Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol SNMP version 2 SNMPv2 processing of Cisco IOS XR could allow an authenticated, remote attacker to cause a reload of the SNMP daemon snmpd process on an affected device. The vulnerability is due to improper parsing of a malformed SNMPv2 packet...

Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability

A vulnerability in the HTTP control interface for NAC Web Agent of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

Cisco NX-OS Software Label Distribution Protocol Message Vulnerability

A vulnerability in the Label Distribution Protocol LDP message processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to stop accepting valid LDP sessions during a 60-second period. The vulnerability is due to how certain malformed LDP Hello...

Cisco Secure ACS Portal Cross-Site Scripting Vulnerability

A vulnerability in the portal of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the portal on the affected system. The vulnerability is due to insufficient input validation of a parameter. A...

Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability

A vulnerability in the Internet Message Access Protocol IMAP function of Cisco Unity Connection could allow an authenticated, remote attacker to cause 100 percent CPU utilization on the Cisco Unity Connection server, which may cause a denial of service DoS condition. The vulnerability is due to t...

Cisco Adaptive Security Appliance Malformed DNS Reply Denial of Service Vulnerability

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system. The vulnerability is due to improper handling of DNS error cases when the Cisco ASA Software receives a DNS reply packet under a particular system...

Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability

A vulnerability in Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to exhaust guest user account resources. The vulnerability is due to a guest account creation page that allows unlimited guest accounts to be created upon refreshing the page. An attacker could...

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the Stream Editor sed command-line filter in Cisco NX-OS Software could allow an authenticated, local attacker to read and write arbitrary files. The vulnerability is due to an input validation issue. An attacker could exploit this vulnerability by using the sed r and sed w...

Cisco IOS XR Software Memory Exhaustion Vulnerability

Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service DoS condition. Cisco has released software...

Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the Network Time Protocol NTP feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to the improper handling of multicas...

Multiple Vulnerabilities in Cisco Prime Data Center Network Manager

Cisco Prime Data Center Network Manager DCNM contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited...

Cisco VC220 Network Dome Camera and Cisco VC240 Network Bullet Camera Denial of Service Vulnerabilites

The Cisco Video Surveillance VC220 Network Dome Camera and the Cisco VC240 Network Bullet Camera contain vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected devices, preventing web user interface WebUI access to the...

Cisco Aironet 3600 Series Access Point Denial of Service Vulnerability

A vulnerability in the Cisco Aironet 3600 Series Access Point could allow an unauthenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a memory corruption condition that could occur when the device switches between FlexConnect and Standalone mode. An...

Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability

Cisco ASA Next-Generation Firewall NGFW Services��contains a Fragmented Traffic Denial of Service DoS vulnerability.�� Successful exploitation of this vulnerability on the Cisco ASA NGFW could cause the device to reload or stop processing user traffic that has been redirected by the parent Cisco...

Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability

The Resource Reservation Protocol RSVP feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering MPLS-TE enabled. Successful exploitation of the vulnerability could allow an unauthenticate...

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

Cisco ASA 5500 Series Adaptive Security Appliances ASA and Cisco Catalyst 6500 Series ASA Services Module ASASM may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Upda...

Cisco Security Agent Remote Code Execution Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS Software SSH Banner Processing Error Denial of Service Vulnerability

Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of login banners by Cisco IOS Software. An authenticated, remote attacker could exploit this vulnerability by...

Multiple Vulnerabilities in Cisco PGW Softswitch

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Vulnerabilities in Cisco PIX and ASA Appliance

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Information Leakage Using IPv6 Routing Header in Cisco IOS and Cisco IOS-XR

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device...

Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication

...

Multiple Vulnerabilities in Cisco Secure Access Control Server

...

Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability

...

TFTP Long Filename Vulnerability

...

A Vulnerability in IOS Firewall Feature Set

...

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service DoS condition on an affected device that is running Cisco IOS...

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability

A vulnerability in the Object Groups for Access Control Lists ACLs feature of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense FTD Software. This...

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...

Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability

A vulnerability in the OSPF version 2 OSPFv2 feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to improper validation of OSPF updates that...

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient input...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper processing of ICMPv6 messages. A...

Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability

A vulnerability in Application Quality of Experience AppQoE and Unified Threat Defense UTD on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to the...

Cisco IOS XR Software Compression ACL Bypass Vulnerability

A vulnerability in the classic access control list ACL compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range...

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...