5223 matches found
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by submitting...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified Communication Domain Manager version 10 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. ...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Password Encryption Vulnerability
A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these...
Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security TLS certificate that may be accepted by the affected device. The vulnerability is due to...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input...
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this...
Cisco IOS XR Software Compression ACL Bypass Vulnerability
A vulnerability in the port or address range compression feature for access control lists ACLs on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...
Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 DHCPv6 code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...
Cisco Unified Presence Server Sync Agent Vulnerability
A vulnerability in the Intercluster Sync Agent Service on Cisco Unified Presence Server could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. The vulnerability is due to a SYN flood. An attacker could exploit this vulnerability by exceeding the tcp max...
Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability
A vulnerability in the file sharing functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to trigger a heap-based buffer overflow in the Cisco WebEx Meetings client running on another user's computer. The vulnerability exists because the affected softwar...
Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability
A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol NTP access group and query the affected NTP-configured server for the time. The...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meeting Server could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing application URL requests that contain the...
Cisco Adaptive Security Appliance Information Disclosure Vulnerability
A vulnerability in the authorization code of Cisco ASA Software could allow an authenticated, remote attacker to access information stored on the file system of an affected system. The vulnerability is due to improper implementation of authorization controls when an unprivileged user tries to...
Cisco Unified Communications Manager CDR Management Vulnerability
A vulnerability in Call Detail Records CDR Management of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to extraneous information included in the web page. An attacker could exploit thi...
Cisco Unity Connection Directory Traversal Vulnerability
A vulnerability in the messaging API of Cisco Unity Connection could allow an authenticated, remote attacker to execute a directory traversal and download arbitrary files that match the allowed MIME types. The vulnerability occurs because there is insufficient input filtering and file types other...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation NAT feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address these...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller WLC product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability Cisco Wireless LAN Controller IGMP Version 3...
Cisco Unified Communications Manager OS Administration CSRF Vulnerability
A vulnerability in the OS Administration page of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack against the OS Administration web interface. The vulnerability is due to insufficient CSRF...
Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco Firewall Services Module FWSM Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could...
Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability
A vulnerability in the log4jinit web application of Cisco Unified Communications Manager UCM could allow an unauthenticated, remote attacker to access the log4jinit web application. The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An...
Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP functionality of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause all BGP sessions on the device to reset. The vulnerability is due to the improper processing of specifically crafted BGP update messages. An attacker...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the TLS/SSLv3 module of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper validation of the TLS/SSLv3 packets. An attacker could exploit this vulnerability by sending a...
Cisco Server Provisioner Web Interface Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication. The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security DTLS function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service DoS condition...
Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service DoS condition. The vulnerability is due to improper handling, processing, and termination o...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...
Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability
A vulnerability in the Baseboard Management Controller BMC of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is due to improper filtering of user-supplied...
Cisco NX-OS Software Information Disclosure Vulnerability
A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
Cisco Unified Computing System Arbitrary Command Execution Vulnerability
A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...
Cisco IOS Software Queue Wedge Denial of Service Vulnerability
A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service DoS scenario...
Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities
A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability
A vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution HCS Assurance could allow an unauthenticated, remote attacker to access sensitive information on the system. The vulnerability is due to improper user authentication and inadequate session management. An...
Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified MeetingPlace Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could...
Cisco Jabber for Windows Certificate Validation Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer SSL. An attacker could exploit this...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol RIP process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
Cisco Nexus 1000V Insufficient VSM/VEM Authentication Vulnerability
A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module VEM and associated port groups. The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module VSM. An attacker could...
Cisco ASA Software VPN Group Enumeration Vulnerability
A vulnerability in the Internet Security Association and Key Management Protocol ISAKMP implementation in Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol SIP messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...
Cisco Unity Connection Memory Leak Denial of Service Vulnerability
Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit...
Cisco NX-OS FCIP Remote Denial of Service Vulnerability
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit...
Cisco Unified Computing System Remote Denial of Service Vulnerability
Cisco Unified Computing System contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to the improper handling of user-supplied SSH requests by affected software. An unauthenticated,...