5224 matches found
Cisco Application Services Engine Software Authorization Vulnerability
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this...
Cisco Unified Contact Center Express Improper API Authorization Vulnerability
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...
Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
Cisco IOS XE SD-WAN Software Authentication Bypass Vulnerability
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling erro...
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to...
Cisco Firepower Management Center Open Redirect Vulnerability
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...
Cisco SD-WAN Solution vManage SQL Injection Vulnerability
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of...
Cisco Mobility Management Entity Denial of Service Vulnerability
A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due ...
Cisco Data Center Network Manager Path Traversal Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...
Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...
Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability
A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to...
Cisco IOS XR Software netconf Denial of Service Vulnerability
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...
Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is du...
Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to ...
Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...
Cisco NX-OS System Software Patch Installation Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...
Cisco IOS Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages tha...
Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the...
Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...
Cisco Small Business Managed Switches Denial of Service Vulnerability
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH...
Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied...
Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to...
Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...
Cisco Access Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficien...
Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Cisco Ultra Services Platform Information Disclosure Vulnerability
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging in to the...
Cisco TelePresence ICMP Denial of Service Vulnerability
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The...
Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this...
Cisco WebEx Meetings Server XML External Entity Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploi...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page ...
Cisco Intercloud Fabric Database Static Credentials Vulnerability
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...
Cisco Meeting Server Information Disclosure Vulnerability
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted...
Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
A vulnerability in the j_spring_security_switch_user function of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain...
Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability
A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message...
Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System (UCS) Manager and UCS 6200 Series Fabric Interconnects could allow an authenticated, local attacker to access the underlying operating system with the privileges of the root user. The vulnerability is due to...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data. The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability to learn sensitive information about the application. Cisco has...
Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software running on Cisco cBR-8 Series Converged Broadband Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the affected...
Cisco IP Phones Web Application Buffer Overflow Vulnerability
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails t...
Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability
A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...
Cisco UCS Invicta Software Default GPG Key Vulnerability
A vulnerability in Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to access some encrypted information, if the attacker can intercept communication between an affected system and a Cisco UCS Invicta Autosupport server. The vulnerability is due to the presence of a...
Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...