5226 matches found
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Integrated Management Controller IMC could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or high...
Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
Cisco AppDynamics Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...
Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability
A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...
Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...
Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface...
Cisco BroadWorks Privilege Escalation Vulnerability
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...
Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...
Cisco Identity Services Engine XML External Entity Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery SSRF attack through an affected device, or negatively impact the responsiveness of the...
Cisco Firepower Management Center Software Command Injection Vulnerabilities
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. These vulnerabilities are due to insufficient validation of user-supplied...
Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability
A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance ASA Software or Cisco Firepower Threat Defense FTD Software could allow an unauthenticated attacker with physical access to the device to bypass the secure bo...
Cisco Email Security Appliance and Cisco Secure Email and Web Manager HTTP Response Header Injection Vulnerability
A vulnerability in Cisco Email Security Appliance ESA and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input...
Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery...
Cisco Unified Communications Products Timing Attack Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...
Cisco Firepower Management Center File Upload Security Bypass Vulnerability
A vulnerability in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to t...
Cisco IP Phones Information Disclosure Vulnerability
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an...
Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerabilities
Multiple vulnerabilities in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected...
Cisco SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain C...
Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
A vulnerability in the enhanced Preboot eXecution Environment PXE boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability
A vulnerability in the video endpoint API xAPI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected...
Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...
Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability
A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies including Geolocation and Service Polices on an affected system. The vulnerability exists because TCP...
Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
A vulnerability in the IP Address Resolution Protocol ARP feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor ESP installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload,...
Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability
A vulnerability in the implementation of Multiprotocol Border Gateway Protocol MP-BGP for the Layer 2 VPN L2VPN Ethernet VPN EVPN address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability
A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list ACL being...
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP Multicast VPN MVPN implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service DoS condition due to the BGP session being down. The...
Cisco Data Center Network Manager Command Injection Vulnerability
A vulnerability in the Device Manager application of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Email Security Appliance Filter Bypass Vulnerability
A vulnerability in URL filtering for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted,...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of...
Cisco Umbrella Open Redirect Vulnerability
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could...
Cisco Webex Meetings Desktop App and Webex Meetings Client URL Filtering Arbitrary Program Execution Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App and Cisco Webex Meetings Client could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could...
Cisco Smart Software Manager On-Prem Improper Access Control Vulnerability
A vulnerability in the web application of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this...
Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could...
Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious...
Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability
A vulnerability in role-based access control of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to...
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording...
Cisco Unified Contact Center Express Privilege Escalation Vulnerability
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...
Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a temporary denial of service DoS condition on an affected device. The vulnerability is due to inadequate parsing...
Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for t...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service DoS condition on the affected device. The vulnerability exists because of...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...
Cisco IOS XE Software Arbitrary File Write Vulnerability
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...
Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
A vulnerability in management interface access control list ACL configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to...