Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...
Cisco Unified Contact Center Express Clear Text Authentication Vulnerability
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a...
Cisco Ultra Services Platform Information Disclosure Vulnerability
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...
Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...
Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails ...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy...
Cisco IOS XE Software Startup Script Local Command Execution Vulnerability
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient validati...
Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...
Cisco Meeting Server API Denial of Service Vulnerability
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this...
Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 2 (IKEv2) code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper handling of crafted IKEv2 packets. The vulnerability applies only to IKEv2 devic...
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...
Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the wIPS process on the WLC unexpectedly restarts. The...
Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plan...
Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...
Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...
Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...
Cisco IOS XR Software LPTS Denial of Service Vulnerability
A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability is due to improper handling of flow base entries by LPTS...
Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.24.18 could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A...
Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could explo...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...
Cisco Fog Director Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...
Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability
Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting (XSS) vulnerability in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform an XSS attack. The vulnerability is due to mishandling ...
Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability
A vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC...
Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
A vulnerability in Open Shortest Path First (OSPF) Link State Advertisement (LSA) handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the number of OSPF Path Computation Elements (PCEs) that are...
Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder (CER) could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability b...
Cisco Mobility Services Engine Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or...
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validati...
Cisco Secure Access Control Server DOM-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...
Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device. The vulnerability is due to improper handling of...
Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability
A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...
Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...
Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability
A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafti...
Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of multiple Cisco products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...
Cisco WebEx Meetings Server Remote Code Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted data in a...
Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager, formerly known as CallManager, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerabilit...
Cisco Adaptive Security Appliance SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of SNMP packets. An attacker could exploit th...
Cisco Headend System Releases Denial of Service Vulnerability
A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...
Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to a lack of checks...
Cisco WebEx Meetings Meeting Access Number Vulnerability
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to discover the meeting access number. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by accessing the web page containing meeting...
Cisco Edge 340 Privilege Escalation Vulnerability
A vulnerability in the system configuration of Cisco Edge 340 could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by logging in to the...
Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities
Multiple vulnerabilities in the administrative web interface of the Cisco FireSIGHT Management Center could allow an attacker to conduct both cross-site scripting (XSS) and also arbitrary HTML command injection attacks. These vulnerabilities are due to improper user input validation. An attacker...
Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability
A vulnerability in Lights-Out Management (LOM) functionality of the Sourcefire 3D System could allow an authenticated, remote attacker to upload arbitrary files to the baseboard management controller (BMC) on an affected device. The vulnerability is due to insufficient validation and sanitization of...
Cisco IOS Voice Gateway Malformed ISDN Q931 Message Denial of Service Vulnerability
A vulnerability in the Integrated Services Digital Network (ISDN) processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed ISDN Q931 SETUP messages. An attacker could exploit...