5226 matches found
Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability
A vulnerability in the Certificate Authority Proxy Function CAPF command-line function for Certificate Signing Request CSR management of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to read or write arbitrary files to the underlying operating...
Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability
A vulnerability in Certificate Trust List CTL authentication of Cisco third-generation IP phones could allow an unauthenticated, remote attacker to inject a crafted CTL file to the IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker could exploit this...
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
A vulnerability in the bulk administration interface of Cisco Unified Communications Manager UCM could allow an authenticated, remote attacker to read arbitrary files from the underlying file system. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco NX-OS Software TACACS+ Command Authorization Vulnerability
A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker...
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon SSCD code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...
Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability
A vulnerability in the Mappings page of Cisco Context Directory Agent CDA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Management Connections Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via SSH, Telnet, HTTP, and HTTPS. The vulnerability is due to a memory leak in the connection...
Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability
A vulnerability in a command-line utility of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to read or write data to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security DTLS function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service DoS condition...
Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability
A vulnerability in the fabric interconnect FI web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...
Cisco NX-OS Software Input Validation Vulnerability
A vulnerability in the input parsing of Cisco NX-OS Software could allow an unauthenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerabili...
Cisco NX-OS Software Arbitrary Code Execution Vulnerability
A vulnerability in the input parsing of Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerability...
Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability
A vulnerability in the Mobile Device Management MDM portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient inpu...
Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability
A vulnerability in the web interface of Cisco MediaSense could allow an unauthenticated, remote attacker to collect sensitive information. The vulnerability is due to sensitive information being transmitted via an insecure channel. An attacker could exploit this vulnerability by capturing the...
Cisco Secure Access Control Server Remote Command Execution Vulnerability
A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is...
Cisco Finesse Directory Read Vulnerability
A vulnerability in the web interface of Cisco Finesse could allow an unauthenticated, remote attacker to read the contents of a directory on the server. The vulnerability is due to insufficient access controls on directory access. An attacker could exploit this vulnerability by visiting a URL tha...
Cisco WebEx Error Message Information Disclosure Vulnerability
A vulnerability in Cisco WebEx could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper error messages displayed by the affected software when handling requests to view another user's files. An attacker could exploit this vulnerability by...
Cisco Integrated Management Controller Denial of Service Vulnerability
Cisco Unified Computing System UCS C-Series Rack Server version 1.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause the Cisco Integrated Management Controller CIMC, which is used for management/monitoring of the Cisco UCS Rack Server, to stop responding or a...
Cisco WebEx Meetings Server Inactive User Authentication Bypass Vulnerability
A vulnerability in the web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to manage meetings, including scheduling of meetings, after the authenticated user has been deactivated. The vulnerability is due to a failure to verify the active status of users...
Cisco Unified Operations Manager SQL Injection Vulnerability
A vulnerability in the management application of the Cisco Unified Operations Manager could allow an authenticated, remote attacker to execute arbitrary Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker...
Cisco Nexus 1000V VSM to vCenter Communication Man-in-the-Middle Vulnerability
A vulnerability in the SSL implementation of the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against Virtual Supervisor Module VSM to VMware vCenter communications. The vulnerability is due to improper verification of SSL security...
Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability
A vulnerability in the Cisco Nexus 1000V Virtual Ethernet Module VEM kernel driver for VMware ESXi could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash, resulting in a purple screen of death PSOD. The vulnerability is due to insufficient validation of STUN protoco...
Cisco Unified Presence Memory Exhaustion Vulnerability
A vulnerability in the web framework of Cisco Unified Presence could allow an unauthenticated, remote attacker to cause an increase in memory utilization. The vulnerability is due to improper handling of memory allocation when the affected system is flooded with malformed TCP packets. An attacker...
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...
Cisco Adaptive Security Appliance Software and Firewall Services Module Software Secure Shell Denial of Service Vulnerability
A vulnerability in the implementation of the Secure Shell SSH function could allow an unauthenticated, remote attacker to deny SSH management access to legitimate users. The vulnerability is due to improper implementation of the logic to terminate SSH sessions. An attacker could exploit this...
Cisco IOS Software Protocol Translation Vulnerability
The Cisco IOS Software Protocol Translation PT feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are...
Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
Cisco ASA-CX Context-Aware Security appliance and Cisco Prime Security Manager PRSM contain a denial of service DoS vulnerability in versions prior to 9.0.2-103. Successful exploitation of this vulnerability on the Cisco ASA-CX could cause the device to stop processing user traffic and prevent...
Cisco NX-OS FCIP Remote Denial of Service Vulnerability
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit...
Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability
Cisco Scientific Atlanta cable modems D20 and D30 based products contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. An...
Cisco IOS Software Smart Install Denial of Service Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints
...
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS® Software Network Address Translation functionality contains three denial of service DoS vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol SIP packets, the second vulnerability in the translation of H.323 packets and the third vulnerabilit...
Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in Cisco Security Agent
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Vulnerabilities in Unified Contact Center Express Administration Pages
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager CAPF Denial of Service Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary HTML and script code in the user's browser session. The vulnerability exists due to an input sanitization error in the embedded HTTP server. An unauthenticated, remote attacker...
Cisco IOS MPLS VPN May Leak Information
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching MPLS Virtual Private Networks VPNs or VPN Routing and Forwarding Lite VRF Lite and using Border Gateway Protocol BGP between Customer Edge CE and Provider Edge PE devices may permit...
Cisco IOS IPS Denial of Service Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
SQL injection in Cisco Unified Communications Manager
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Trust Agent Local Privilege Escalation Vulnerability
Cisco Trust Agent versions 2.1103 and prior contain a vulnerability when running on Apple Mac OS X that could allow an unauthenticated, local user to bypass security restrictions and gain unauthorized access to the affected system. This vulnerability exists due to improper display of user...
Cisco Wireless Control System Privilege Escalation Vulnerability
Cisco Wireless Control System WCS versions prior to 4.0.87.0 contains a vulnerability that could allow an authenticated, remote attacker to gain escalated privileges on the affected system. This vulnerability exists due to insufficient access controls on the Cisco WCS configuration page used to...
SIP Packets Reload IOS Devices with support for SIP
Cisco devices running an affected version of Internetwork Operating System IOS which supports Session Initiation Protocol SIP are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a...
Cisco Secure Access Control Server Access-Request Handling Denial of Service Vulnerability
Cisco Secure Access Control Server for Windows and Cisco Secure Access Control Server Solution Engine contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability exists due to insufficient handling of malformed RADIUS...
Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Cisco Unified CallManager Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Access Point Web-browser Interface Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...