Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An...

Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway ALG functionality used by Network Address Translation NAT, NAT IPv6 to IPv4 NAT64, and the Zone-Based Policy Firewall ZBFW in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...

Cisco IOS XE Software Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details "details" section of this...

Cisco Small Business Series Switches Memory Corruption Vulnerability

A vulnerability in the Secure Sockets Layer SSL input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS...

Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the implementation of Border Gateway Protocol BGP functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update...

Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the vManage web-based UI Web UI in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPN Manager could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improp...

Vulnerability in Java Deserialization Affecting Cisco Products

A vulnerability in the Java deserialization used by the Apache Commons Collections ACC library could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could explo...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key...

Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability

A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...

Cisco Webex Meetings Server Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could...

TCP Vulnerabilities in Multiple IOS-Based Cisco Products

...

Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022

On March 29, 2022, the following critical vulnerability in the Spring Cloud Function Framework affecting releases 3.1.6, 3.2.2, and older unsupported releases was disclosed: CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression For a description of this...

Cisco ADE-OS Local File Inclusion Vulnerability

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3650, Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating...

Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit...

Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format ARF could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerabilities are due to improper validation of Webex recording files. An attacker could...

Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability exists because the affected software insufficiently...

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...

Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...

Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

A vulnerability in the Fibre Channel over Ethernet FCoE N-port Virtualization NPV protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to an incorrect processing of FCoE packets when...

Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting AAA service for remote Secure Shell Host SSH connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service condition DoS on an affected device. This vulnerability is due to a lack of proper...

Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service DoS, or may allow ...

Telnet Vulnerability Affecting Cisco Products: June 2020

On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers telnetd. For more information about this vulnerability, see the Details "details" section. Cisco will release software updates that address this vulnerability. There are...

Cisco IP Phone 8800 Series Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service DoS condition. The vulnerability exists...

Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...

Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service DoS condition. There are four instances of the npusim proces...

Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service DoS condition. The vulnerability is due to ineffective management of the underlyi...

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability

A vulnerability in Cisco TelePresence Video Communication Server VCS and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the...

Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code. The vulnerability...

Cisco Policy Suite Cluster Manager Default Password Vulnerability

A vulnerability in the Cluster Manager of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for th...

Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager CUCM could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting XSS attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an...

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or modify the time being advertised ...

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory Nov 1 2022...

Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability

A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP inspection module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The...

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM softwar...

Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100 percent utilization, causing a denial of service DoS condition on an affected system. The vulnerability i...

Intel Active Management Technology Privilege Escalation Vulnerability

On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management AMT, Intel...