Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...
Cisco Nexus 3000 Nexus Data Broker Denial of Service Vulnerability
A vulnerability in the Nexus Data Broker (NDB) in Cisco Nexus 3000 Series Switches could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition. The vulnerability is in handling incoming connections to the Java application. An attacker could exploit this...
Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated, remote attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a...
Cisco Videoscape Delivery System Denial of Service Vulnerability
A vulnerability in the HTTP processing module of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Cisco Videoscape Distribution Suite Service Broker (VDS-SB) could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due t...
Cisco Adaptive Security Appliance Message Authentication Code Checking Vulnerability
A vulnerability in the Transport Layer Security (TLS) code on the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted TLS packet without detection of the modifications. The vulnerability is due to an error on the firmware of t...
Cisco IP Communicator Web Access Denial of Service Vulnerability
A vulnerability in the web interface of Cisco IP Communicator could allow an unauthenticated, remote attacker to take the web service offline. The vulnerability is due to access of a specific HTTP URL. An attacker could exploit this vulnerability by sending an HTTP GET request to the specific...
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in flow control processing of Cisco IOS XR Software for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause a Network Processing Unit (NPU) chip reset and potentially a reload of the affected line card. The vulnerability is due to improper...
Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability
A vulnerability in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error that could occur in the affected software when an SSH connection is disconnected from an affected device. An authenticated, remot...
Cisco Unified MeetingPlace Arbitrary File Download Vulnerability
A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper handling of requests for resources by an affected device. An unauthenticated, remote attacker could exploit this...
Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability
A vulnerability in TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input submitted to and processed by an affected device. An attacker cou...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection attacks. The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability b...
Cisco Unified Communications Domain Manager Application Software Remote Code Execution Vulnerability
A vulnerability in a deprecated page in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient security restrictions imposed by the affected software that could allow...
Cisco Common Services Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Common Services help pages could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of some...
Cisco Wireless LAN Controller Denial of Service Vulnerability
A vulnerability in the wireless intrusion detection (WIDS) feature of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to force the WLC to become unresponsive. For a Cisco WLC with a default configuration, the attacker could exploit this vulnerability by sending...
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
A vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one...
Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability
A vulnerability in the uuencode inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass engine protection and deliver a malicious file as an email attachment. The vulnerability is due to improper implementation of the log...
Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this...
Cisco Unified Communications Domain Manager Platform High CPU Utilization Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization, which may affect the performance of the system and make some services unavailable. The vulnerability is due to insufficient implementatio...
Cisco Jabber Guest Server HTML5 Information Disclosure Vulnerability
A vulnerability in the underlying application programming interface (API) of the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to access sensitive system information from the affected system. The vulnerability is due to insufficient validation of specific values passed v...
Cisco Unified Communications Domain Manager XSS Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Domain Manager application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerability is due to imprope...
Cisco Adaptive Security Appliance Software Information Leak in Syslog Messages Vulnerability
A vulnerability in the syslog management subsystem of devices running Cisco Adaptive Security Appliance (ASA) Software may allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper sanitization of syslog messages. An attacker could exploit this...
Cisco Intelligent Automation for Cloud URL Redirection Vulnerability
A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted...
Cisco Packet Data Network Gateway Denial of Service Vulnerability
A vulnerability in the Session Manager software of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause the Session Manager to crash. The issue is due to insufficient validation of received TCP packets. An attacker could exploit this issue by sending a...
Cisco IOS XE Software PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to improper processing of certain...
Cisco Unified Web and E-mail Interaction Manager XML External Entities Vulnerability
A vulnerability in the /system/egain/chat/entrypoint script of Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to inject malicious XML entities. The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability b...
Cisco Nexus 1000V Access Control List Bypass Vulnerability
A vulnerability in Cisco Nexus 1000V switches could allow an unauthenticated, remote attacker to bypass deny statements in access control lists (ACLs) with certain types of Internet Group Management Protocol version 2 (IGMPv2) or IGMP version 3 (IGMPv3) traffic. IGMP version 1 (IGMPv1) is not affected. T...
Cisco Small Business Router Password Disclosure Vulnerability
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of t...
Cisco NX-OS Directory Traversal Vulnerability
A vulnerability in the Command Line Interface (CLI) of the Cisco NX-OS Software could allow an authenticated, local attacker to delete arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the filesys...
Cisco IOS XR Software SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device. The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker...
Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability
A vulnerability in the troubleshooting page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address these...
Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability
A vulnerability in Cisco Unified Computing System software KVM client could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper certificate validation by the KVM client. An attacker could exploit this vulnerability by intercepting ...
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
A vulnerability in the Cisco Unified Computing System Serial over LAN (SoL) implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle (MITM) attack. The vulnerability occurs because the Board Management Controller (BMC) uses a hard-coded private key. An attacker coul...
Cisco Unified MeetingPlace Application Server Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace Application Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation ...
Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability
A vulnerability in the TACACS+ socket read function of Cisco Secure ACS versions 5.x could allow an unauthenticated, remote attacker to cause a runtime process to crash. The vulnerability is due to improper processing of read requests on the TACACS+ socket. An attacker could exploit this...
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. Cisco has released software updates that address these vulnerabilities. Th...
Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability
A vulnerability in the Administration pages of Cisco Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Nexus 1000V License Installation Command Injection Vulnerability
A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this...
Cisco Wireless LAN Controllers Wireless Intrusion Prevention System Denial of Service Vulnerability
Cisco Wireless LAN Controllers (WLC) Wireless Intrusion Prevention System (wIPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted IP packets by the wIPS software component...
Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability in the Intrusion Prevention System (IPS) feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if specific Cisco IOS IPS configurations exist. Cisco has released software updates that address this...
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
Cisco IOS Software contains a vulnerability in the Border Gateway Protocol (BGP) routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
Cisco Unified Communications Manager contains a vulnerability in its Session Initiation Protocol (SIP) implementation that could allow an unauthenticated, remote attacker to cause a critical service to fail, which could interrupt voice services. Affected devices must be configured to process SIP...
Multiple Vulnerabilities in Cisco TelePresence Manager
Cisco TelePresence Manager contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service...
Multiple Vulnerabilities in Cisco Unity Connection
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices
Multiple Cisco WebEx Player Vulnerabilities
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
Multiple Vulnerabilities in Cisco Wireless LAN Controllers