5226 matches found
Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denia...
Cisco NX-OS Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...
Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This...
Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this...
Cisco Aironet Access Points Unauthorized Access Vulnerability
A vulnerability in Cisco Aironet Access Points APs Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could...
Cisco IOS XE Software Web UI Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details "details" section of this...
Cisco Industrial Network Director Remote Code Execution Vulnerability
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability ...
Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service DoS condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An...
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability
A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability...
Vulnerability in Java Deserialization Affecting Cisco Products
A vulnerability in the Java deserialization used by the Apache Commons Collections ACC library could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could explo...
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...
Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, and Cisco Unity Connection could allow an unauthenticated, remote...
Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability
A vulnerability in the RADIUS Change of Authorization CoA code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of a malformed...
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the implementation of Border Gateway Protocol BGP functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update...
Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections for the...
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability exists because the affected software insufficiently...
Web Interface Vulnerabilities in Cisco Secure ACS for Windows
...
Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...
Cisco Small Business Series Switches Memory Corruption Vulnerability
A vulnerability in the Secure Sockets Layer SSL input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPN Manager could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improp...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the vManage web-based UI Web UI in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format ARF could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerabilities are due to improper validation of Webex recording files. An attacker could...
TCP Vulnerabilities in Multiple IOS-Based Cisco Products
...
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...
Cisco IOS XE Software Fast Reload Vulnerabilities
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3650, Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable SFP interface. This vulnerability is due to...
Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability
A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...
Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...
Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit...
Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...
Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...
Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or modify the time being advertised ...
Telnet Vulnerability Affecting Cisco Products: June 2020
On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers telnetd. For more information about this vulnerability, see the Details "details" section. Cisco will release software updates that address this vulnerability. There are...
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability
A vulnerability in the Fibre Channel over Ethernet FCoE N-port Virtualization NPV protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to an incorrect processing of FCoE packets when...
Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...
Cisco Prime Service Catalog Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...
Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the...
Multiple Cisco Products Disk Utilization Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability occu...
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory Nov 1 2022...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service condition DoS on an affected device. This vulnerability is due to a lack of proper...
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service DoS, or may allow ...
Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service DoS condition. The vulnerability is due to ineffective management of the underlyi...
Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code. The vulnerability...