5226 matches found
Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability
A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the...
Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
Cisco Meeting Server Media Services Denial of Service Vulnerability
A vulnerability in the Real-Time Transport Protocol RTP bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...
Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service DoS condition. The vulnerability is due to the incorrect...
Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access Vulnerability
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...
Cisco Elastic Services Controller Information Disclosure Vulnerability
A vulnerability in the ConfD server of the Cisco Elastic Services Controller ESC could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by...
Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video SDV or video on demand VoD streams, resulting in a denial of service DoS condition. The vulnerability is due ...
Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP on the Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the devic...
Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
A vulnerability in SNMP polling for the Cisco Web Security Appliance WSA, Email Security Appliance ESA, and Content Security Management Appliance SMA could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...
Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...
Cisco Unified Contact Center Express Clear Text Authentication Vulnerability
A vulnerability in the Extensible Messaging and Presence Protocol XMPP service of Cisco Unified Contact Center Express UCCx could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...
Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability
A vulnerability in the Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web application interface of the Cisco Identity Services Engine ISE portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service DoS condition. The vulnerability is due to improper SSL policy...
Cisco IOS XE Software Startup Script Local Command Execution Vulnerability
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient validati...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A cross-site scripting XSS filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...
Cisco Meeting Server API Denial of Service Vulnerability
A vulnerability in an internal API of the Cisco Meeting Server CMS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this...
Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 2 IKEv2 code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper handling of crafted IKEv2 packets. The vulnerability applies only to IKEv2 devic...
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 1 IKEv1 fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...
Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System wIPS implementation in the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition because the wIPS process on the WLC unexpectedly restarts. The...
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
A vulnerability in the application programming interface API for the Platform and Applications Manager PAM for the Cisco Virtual Media Packager VMP could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...
Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor RP of an affected device, which could cause the device to drop all control-plan...
Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this...
Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...
Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...
Cisco IOS XR Software LPTS Denial of Service Vulnerability
A vulnerability in the Local Packet Transport Services LPTS network stack of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a limited denial of service DoS condition on an affected platform. The vulnerability is due to improper handling of flow base entries by LPTS...
Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Information Server XML Parser Denial of Service Vulnerability
A vulnerability in the default configuration of the XML parser component of Cisco Information Server CIS could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service DoS condition on a targeted...
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters...
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.24.18 could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A...
Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT STUN packets. An attacker could explo...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Communications Domain Manager Unified CDM could allow an authenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...
Cisco Fog Director Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...
Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection UC could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by...
Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability
Cisco FireSIGHT Management Center MC contains a DOM-based cross-site scripting vulnerability XSS in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform a XSS attack. The vulnerability is due to mishandling ...
Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability
A vulnerability in the Distributed Computing Environment/Remote Procedure Calls DCERPC Inspection feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC...
Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder CER could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability b...
Cisco Firepower 9000 Unauthenticated File Access Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 Series Switches could allow an unauthenticated, remote attacker to view certain files on the device that should be restricted. The vulnerability is due to lack of proper authentication checks when a request to download and view a...
Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center MC could allow an authenticated, remote attacker to execute a stored, cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco Mobility Services Engine Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Mobility Services Engine MSE appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or...
Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server ACS web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model DOM-based, environment or client side, cross-site scripting XSS attack. The vulnerability is due t...
Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP interface of the Nexus 3000 N3K Series Switch could allow an authenticated, remote attacker to cause a partial denial of service DoS condition to the SNMP service running on the device. The vulnerability is due to improper handling of...
Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability
A vulnerability in the Internet Access Point Protocol IAPP module of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...
Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due insufficient validation of user-supplied data against the application authorization control logi...