Cisco FireSIGHT System Software Convert Timing Channel Vulnerability
A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. The vulnerability is due to implementation details of how...
Cisco Prime Infrastructure Log File Remote Code Execution Vulnerability
A vulnerability in the log file handling for Cisco Prime Infrastructure could allow an authenticated, remote attacker to change and modify the system log file. The log file could have executable code added to it that could be executed when the log file is viewed. The vulnerability is due to lack ...
Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability
A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...
Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at...
Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface. The vulnerabilities are due to improper...
Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability
A vulnerability in the USB driver for Cisco Nexus 5000 Series Switches could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition due to a kernel crash. The vulnerability is due to insufficient handling of USB input parameters. An attacker could exploit this...
Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability occurs when the FTP client terminates the FTP contr...
Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by persuading a user of...
Cisco Networking Services Sensitive Information Disclosure Vulnerability
A vulnerability in the debug logging function of Cisco Networking Services (CNS) used for configuring Cisco IOS networking devices could allow an authenticated, local attacker to disclose sensitive data. The vulnerability is due to insufficient protections of sensitive data at rest. An attacker...
Cisco Prime Renegotiation Request Denial of Service Vulnerability
A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco Aironet 1850 Access Point Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device. The vulnerability is due to a lack of proper escape protections when validating...
Cisco Email Security Appliance Max Files Denial of Service Vulnerability
A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to the affected device unexpectedly reloading. The vulnerability is due to failure to release file descriptors when th...
Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability
A vulnerability in the Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the processing of an excessive number of IPv4 packets that require fragmentation and reassembly. An attack...
Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability
A vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...
Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability
A vulnerability in the packet storing capabilities of Cisco 9900 Series IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the phone decoder handles certain real-time transport protocol (RTP) packets. An attacker...
Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability
A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances. The vulnerability is due to the presence of...
Cisco WebEx Meetings Host Calendar Download Vulnerability
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to access and download calendar files without authorization. The vulnerability is due to inconsistent authorization checks. An attacker could exploit this vulnerability by enumerating scheduled meetings and...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...
Multiple Cisco Products TCP Flood Denial of Service Vulnerability
A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of rate limiting in the TCP listener...
Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability
A vulnerability in the SOAP application programming interface (API) endpoints of the web services directory of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections in...
Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only...
Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability...
Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability
A vulnerability in the Management Interface of the Cisco Content Services Switch 11500 could allow an unauthenticated, remote attacker to gain unauthorized access to other devices on the network. The vulnerability is due to improper handling of SSH packets. An attacker could exploit this...
Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web GUI of the Cisco Application Networking Manager (ANM) and the Device Manager (DM) in the Cisco ACE 4710 Application Control Engine (ACE) Appliance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the Administrator report page of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco TelePresence Management Suite XML Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper handling of XML external entities. An attacker could exploit this...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one...
Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability
A vulnerability in the WebVPN functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to cause an affected device to crash. The vulnerability is due to a fault in the Proxy Bypass Content Rewriter implementation. An attacker could exploit this...
Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to upload arbitrary files to the phone. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafte...
Cisco Unified IP Phone 9900 Series Mobility Extension Availability Vulnerability
A vulnerability in the mobility extension support of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to log off the mobility extension user. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...
Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
A vulnerability in the sendPwMail.do page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to improper sanitization of the email...
Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability
A vulnerability in Cisco AnyConnect for Android and Mac OS X could allow an unauthenticated, remote attacker to force the rendering of an authentication form in the client. The vulnerability is due to insufficient validation of the type of host to which AnyConnect establishes a connection. An...
Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view the passwords stored for device discovery. The vulnerability occurs because the Quick Discovery options page contains the stored password in the HTML page source. An attacker...
Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal
Cisco Adaptive Security Appliance (ASA) devices configured for WebVPN contain a DOM-based cross-site scripting (XSS) vulnerability within the Portal Login page. An unauthenticated, remote attacker who can convince a user to take a malicious action could perform an XSS attack on the user. The...
Cisco IOS XR Software lighttpd TCP Session Vulnerability
A vulnerability in the lighttpd module of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the affected lighttpd process. The vulnerability is due to a race condition while handling TCP sessions to the lighttpd module on the affected Cisco IOS XR device. An attack...
Cisco ASA Local Path Inclusion Vulnerability
A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. The vulnerability is due to improper setting of the LD_LIBRARY_PATH environment. An attacker...
Cisco IOS Software Metadata Vulnerabilities
Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker coul...
Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability
A vulnerability in parsing of malformed Multiprotocol Label Switching (MPLS) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 Series Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor unit (NPU) and a line...
Cisco Integrated Management Controller SSH Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...
Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability
Cisco 1800 Series Integrated Services Routers (ISR) contain a vulnerability in the hardware entropy collection module when the Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is configured and connected to a public switched network. This could allow an attacker with knowledge of t...
Cisco Unified Communications Manager CTIManager Vulnerability
A vulnerability in the CTIManager module of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to execute arbitrary commands with elevated privileges. The vulnerability is due to a failure to properly validate input contained within Kerberos single...
Cisco Unified Communications Manager SIP Subsystem Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) subsystem of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a failure by the SIP subsystem to properly sanitize...
Cisco WebEx Meetings Client Arbitrary File Download Vulnerability
A vulnerability in the File Transfer functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to access arbitrary files on another user's computer also running the Cisco WebEx Meetings client. The vulnerability exists because the affected software does not...
Cisco TelePresence TC and TE Software u-boot Buffer Overflow Vulnerability
A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system. The...
Cisco Adaptive Security Appliance DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP code of Cisco ASA Software could allow an unauthenticated, adjacent attacker to cause the reload of an affected system. The vulnerability is due to insufficient validation of crafted or malformed DHCP version 6 (DHCPv6) packets when the DHCPv6 replay feature is enabled. An...
Cisco Unity Connection Directory Traversal Vulnerability
A vulnerability in the messaging API of Cisco Unity Connection could allow an authenticated, remote attacker to execute a directory traversal and download arbitrary files that match the allowed MIME types. The vulnerability occurs because there is insufficient input filtering and file types other...
Cisco IOS Software Sup2T Denial of Service Vulnerability
A vulnerability in Cisco Catalyst 6500 Supervisor Engine 2T (Sup2T) could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to incorrect processing of multicast traffic by the Sup2T. An attacker could exploit this vulnerability by sending crafted packets to the...
Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line function for Certificate Signing Request (CSR) management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write arbitrary files to the underlying operating...