5224 matches found
Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization AO related process to restart, causing a partial denial of service DoS condition. The vulnerability is due to lack of...
Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability
A vulnerability in the ROM Monitor ROMMON code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization o...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model DOM-based, environment or client-side cross-site scripting XSS attack. The vulnerability occurs because...
Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability
A vulnerability in the General Packet Radio Service GPRS Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution SAE Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerabili...
Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability
A vulnerability in the Trust Verification Service TVS of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS traffic by...
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...
Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery CSRF attacks. An attacker could exploit this...
Cisco Prime Network Privilege Escalation Vulnerability
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. The vulnerability is due to the use of incorrect installation and permission settings for binary files when the affected...
Cisco Wide Area Application Services Core Dump Denial of Service Vulnerability
A vulnerability in the Server Message Block SMB protocol of Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device due to a process restarting unexpectedly. The vulnerability is due to incomplete...
Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
Cisco Industrial Network Director Cross-Site Scripting Vulnerability
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against an affected system. The vulnerability is due to insufficient validation of certain user-supplied input passed in...
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods,...
Cisco Remote Expert Manager Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory...
Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this...
Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
A vulnerability in the detection engine parsing of Pragmatic General Multicast PGM protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to the Snort process unexpectedly restarting. The vulnerability is...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
A vulnerability in the detection engine that handles Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process unexpectedly restarts. The vulnerability is due to imprope...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validati...
Cisco Firepower Management Center Incomplete Rule Set Vulnerability
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. The vulnerability is due to a lack of condition checks in the rules engine. An attacker could...
Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. The vulnerability is due to improper filtering of certain TAR...
Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 IKEv2 feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit...
Cisco Hybrid Media Service Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service...
Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface CLI of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level. The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Firepower Management Center Console Local File Inclusion Vulnerability
A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allo...
Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability
A vulnerability in the local File Transfer Protocol FTP service on the Cisco AsyncOS for Email Security Appliance ESA, Web Security Appliance WSA, and Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...
Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability
A vulnerability in the traffic stream metrics TSM implemented with the Inter-Access Point Protocol IAPP of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition because the process on the WLC unexpectedly restarts. The D...
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
A vulnerability in the application programming interface API for the Platform and Applications Manager PAM for the Cisco Virtual Media Packager VMP could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...
Cisco WebEx Meetings Server Command Injection Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command...
Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting XSS attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP packet processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause the crash of an affected device. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is d...
Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does no...
Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT STUN packets. An attacker could explo...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager UCDM Software could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could...
Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP query process of the Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack. The vulnerability is due to insufficient...
Cisco Wireless LAN Controller Unauthorized Access Vulnerability
Devices running Cisco Wireless LAN Controller WLC software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack on a specific page. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability
A vulnerability in the Identity Management subsystem used by the WebApplications of Cisco Unified Communications Manager Cisco UCM software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to invalid session requests. An attacker...
Cisco WebEx Meetings for Android Custom Permissions Vulnerability
A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at...
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service DoS condition. The vulnerability is due to improper input validati...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control RBAC implementation of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance ASA software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to lack of checks in the code f...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in a local file script in Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...
Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Cisco Prime Infrastructure PI username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...