Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability
A vulnerability in the local File Transfer Protocol (FTP) service on the Cisco AsyncOS for Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...
Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability
A vulnerability in the traffic stream metrics (TSM) implemented with the Inter-Access Point Protocol (IAPP) of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the process on the WLC unexpectedly restarts. The D...
Cisco WebEx Meetings Server Command Injection Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command...
Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause the crash of an affected device. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is d...
Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does no...
Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) query process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient...
Cisco Wireless LAN Controller Unauthorized Access Vulnerability
Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack on a specific page. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability
A vulnerability in the Identity Management subsystem used by the WebApplications of Cisco Unified Communications Manager (Cisco UCM) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to invalid session requests. An attacker...
Cisco WebEx Meetings for Android Custom Permissions Vulnerability
A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at...
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validati...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco Aironet 1850 Access Point Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device. The vulnerability is due to a lack of proper escape protections when validating...
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to lack of checks in the code f...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in a local file script in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...
Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...
Cisco Nexus 3000 Nexus Data Broker Denial of Service Vulnerability
A vulnerability in the Nexus Data Broker (NDB) in Cisco Nexus 3000 Series Switches could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition. The vulnerability is in handling incoming connections to the Java application. An attacker could exploit this...
Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated, remote attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a...
Cisco Videoscape Delivery System Denial of Service Vulnerability
A vulnerability in the HTTP processing module of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Cisco Videoscape Distribution Suite Service Broker (VDS-SB) could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due t...
Cisco Adaptive Security Appliance Message Authentication Code Checking Vulnerability
A vulnerability in the Transport Layer Security (TLS) code on the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted TLS packet without detection of the modifications. The vulnerability is due to an error on the firmware of t...
Cisco IP Communicator Web Access Denial of Service Vulnerability
A vulnerability in the web interface of Cisco IP Communicator could allow an unauthenticated, remote attacker to take the web service offline. The vulnerability is due to access of a specific HTTP URL. An attacker could exploit this vulnerability by sending an HTTP GET request to the specific...
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in flow control processing of Cisco IOS XR Software for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause a Network Processing Unit (NPU) chip reset and potentially a reload of the affected line card. The vulnerability is due to improper...
Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability
A vulnerability in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error that could occur in the affected software when an SSH connection is disconnected from an affected device. An authenticated, remot...
Cisco Unified MeetingPlace Arbitrary File Download Vulnerability
A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper handling of requests for resources by an affected device. An unauthenticated, remote attacker could exploit this...
Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability
A vulnerability in TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input submitted to and processed by an affected device. An attacker cou...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection attacks. The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability b...
Cisco Unified Communications Domain Manager Application Software Remote Code Execution Vulnerability
A vulnerability in a deprecated page in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient security restrictions imposed by the affected software that could allow...
Cisco Common Services Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Common Services help pages could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of some...
Cisco Wireless LAN Controller Denial of Service Vulnerability
A vulnerability in the wireless intrusion detection (WIDS) feature of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to force the WLC to become unresponsive. For a Cisco WLC with a default configuration, the attacker could exploit this vulnerability by sending...
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
A vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one...
Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability
A vulnerability in the uuencode inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass engine protection and deliver a malicious file as an email attachment. The vulnerability is due to improper implementation of the log...
Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this...
Cisco Unified Communications Domain Manager Platform High CPU Utilization Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization, which may affect the performance of the system and make some services unavailable. The vulnerability is due to insufficient implementatio...
Cisco Jabber Guest Server HTML5 Information Disclosure Vulnerability
A vulnerability in the underlying application programming interface (API) of the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to access sensitive system information from the affected system. The vulnerability is due to insufficient validation of specific values passed v...
Cisco Unified Communications Domain Manager XSS Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Domain Manager application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerability is due to imprope...
Cisco Adaptive Security Appliance Software Information Leak in Syslog Messages Vulnerability
A vulnerability in the syslog management subsystem of devices running Cisco Adaptive Security Appliance (ASA) Software may allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper sanitization of syslog messages. An attacker could exploit this...
Cisco Intelligent Automation for Cloud URL Redirection Vulnerability
A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted...
Cisco Packet Data Network Gateway Denial of Service Vulnerability
A vulnerability in the Session Manager software of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause the Session Manager to crash. The issue is due to insufficient validation of received TCP packets. An attacker could exploit this issue by sending a...
Cisco IOS XE Software PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to improper processing of certain...
Cisco Unified Web and E-mail Interaction Manager XML External Entities Vulnerability
A vulnerability in the /system/egain/chat/entrypoint script of Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to inject malicious XML entities. The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability b...
Cisco Nexus 1000V Access Control List Bypass Vulnerability
A vulnerability in Cisco Nexus 1000V switches could allow an unauthenticated, remote attacker to bypass deny statements in access control lists (ACLs) with certain types of Internet Group Management Protocol version 2 (IGMPv2) or IGMP version 3 (IGMPv3) traffic. IGMP version 1 (IGMPv1) is not affected. T...
Cisco Small Business Router Password Disclosure Vulnerability
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of t...
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the...