Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability
A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context. The vulnerability is due to insufficient input validation. An unauthenticated, remote attack...
Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability
Cisco IM and Presence Service contains a reflected cross-site scripting (XSS) vulnerability that could allow an unauthenticated, remote attacker to perform an XSS attack on an authenticated user. The vulnerability is due to an incomplete user input filter that may not filter certain HTML or script...
Cisco TelePresence Serial Gateway Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence Serial Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a...
Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. The vulnerability is due to improper handling of OSPFv2 packets. An attacker could...
Cisco Unified Presence Server Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Presence Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An...
Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability
A vulnerability in the Cisco IM and Presence Service could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper web page restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to access...
Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability
A vulnerability in Cisco Identity Services Engine and Secure Access Control System could allow an authenticated, remote attacker to gain unauthorized access to program data. The vulnerability is due to weak authentication and authorization used to control access to support bundles stored on a...
Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco Universal Broadband Router devices could allow an authenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE) module. The vulnerability is due to a memory leak that occurs when...
Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The...
Cisco Headend System Release Archive File Download Vulnerability
A vulnerability in Cisco Headend System Release could allow an unauthenticated, remote attacker to download temporary script files. The vulnerability is due to improper input validation of the HTTP request header. An attacker could exploit this vulnerability by manipulating the URL of an HTTP...
Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability
A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in the administrative web interface of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of user-supplied input by the affected...
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to the improper generation and validation of the CSRF toke...
Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability
A vulnerability in the status-checking process of remote access tunnels for supporting Cisco Web Security Appliances (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on the affected system. The vulnerability is due to improper usage and handling of the pickle Pyth...
Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability
A vulnerability in the status checking process of support remote access tunnels in the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on a targeted system. The vulnerability is due to improper use and handling of the pickle Python...
Cisco ASR1000 Series Routers ESP Module Denial of Service Vulnerability
A vulnerability in the Embedded Services Processor (ESP) module of Cisco ASR 1000 Series Routers running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of malformed H.323 packets by an...
Cisco Unified Communications Domain Manager Application Software Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to an unspecified condition within the affected software that could allow local file inclusion. An...
Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability
A vulnerability in the Image Management functionality of Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected...
Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability
A vulnerability in the administration portal page of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to the administration portal page ...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code. The vulnerability is due to a lack of input sanitization of certain IPC commands. An attacker could exploit this...
Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability
The Cisco Intrusion Prevention System (IPS) Software has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this...
Cisco Hosted Collaboration Solution Unauthorized System Access Vulnerability
A vulnerability in the Simple Object Access Protocol (SOAP) Interface of the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system. An attacker could exploit the vulnerability by transmitting crafted Challenge SOAP...
Cisco Unified IP Phone 9900 Series Denial of Service Vulnerability
A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified Communication Domain Manager version 10 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. ...
Cisco WebEx Meetings Server XMLAPI Vulnerability
A vulnerability in the XML application programming interface (API) of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of return messages. An attacker could exploit this vulnerability by...
Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device. The vulnerability is due to...
Cisco IOS XR Software Compression ACL Bypass Vulnerability
A vulnerability in the port or address range compression feature for access control lists (ACLs) on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...
Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability
A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to download files from arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could...
Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability
A vulnerability in the file sharing functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to trigger a heap-based buffer overflow in the Cisco WebEx Meetings client running on another user's computer. The vulnerability exists because the affected softwar...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in BulkViewFileContentsAction.java of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper filename parameters. An attacker could exploit this vulnerability by...
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to cause the affected system to stop processing Remote Authentication Dial-In User Service (RADIUS) packets. The vulnerability is due to improper implementation of deadlock code when the system...
Cisco IOS Software ScanSafe Vulnerability
A vulnerability in the content scanning module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability occurs when processing HTTPS packets that need to be redirected to a ScanSafe tower. An attacker could exploit this...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the code of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper instructions to reload the controller card. A CAL pipe fails to open when the file descriptors are exhausted...
Cisco Emergency Responder Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Emergency Responder (Cisco ER) UserServlet of Cisco ER Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco ER web interface. The vulnerability is due to insufficient input validation of a...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address these...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability; Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability; Cisco Wireless LAN Controller IGMP Version 3...
Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could...
Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability
A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application. The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An...
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...
Cisco Context Directory Agent Hidden Input Vulnerability
A vulnerability in certain input fields of Cisco Context Directory Agent (CDA) could allow an authenticated, remote attacker to hide values that are entered in the affected input fields. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco Server Provisioner Web Interface Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication. The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit...
Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability
A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit th...
Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability
A vulnerability in the web framework of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation of configuration parameters. An attacker could exploit this vulnerability ...
Cisco Adaptive Security Appliance IPv6 NAT Denial of Service Vulnerability
A vulnerability in the function that performs IP version 6 (IPv6) Network Address Translation (NAT) for Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to improper implementation of the logic that performs NAT when t...
Cisco Identity Services Engine Upload Filename Validation Vulnerability
A vulnerability in the file upload filename parsing routine of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload a file with a malicious filename. The vulnerability is due to insufficient validation of uploaded filenames. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...
Cisco Identity Services Engine Blind SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input used i...
Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability
A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...