Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device. The vulnerability is due to...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input...
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this...
Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...
Cisco Unified Presence Server Sync Agent Vulnerability
A vulnerability in the Intercluster Sync Agent Service on Cisco Unified Presence Server could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to a SYN flood. An attacker could exploit this vulnerability by exceeding the tcp max...
Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability
A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time. The...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meeting Server could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing application URL requests that contain the...
Cisco Adaptive Security Appliance Information Disclosure Vulnerability
A vulnerability in the authorization code of Cisco ASA Software could allow an authenticated, remote attacker to access information stored on the file system of an affected system. The vulnerability is due to improper implementation of authorization controls when an unprivileged user tries to...
Cisco Unified Communications Manager CDR Management Vulnerability
A vulnerability in Call Detail Records (CDR) Management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to extraneous information included in the web page. An attacker could exploit thi...
Cisco Unity Connection Directory Traversal Vulnerability
A vulnerability in the messaging API of Cisco Unity Connection could allow an authenticated, remote attacker to execute a directory traversal and download arbitrary files that match the allowed MIME types. The vulnerability occurs because there is insufficient input filtering and file types other...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address these...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability; Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability; Cisco Wireless LAN Controller IGMP Version 3...
Cisco Unified Communications Manager OS Administration CSRF Vulnerability
A vulnerability in the OS Administration page of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the OS Administration web interface. The vulnerability is due to insufficient CSRF...
Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could...
Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability
A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application. The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An...
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...
Cisco Unified Communications Manager Role Bypass Vulnerability
A vulnerability in the administration portal of Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to bypass role restrictions. The vulnerability is due to insufficient role restriction processing. An attacker could exploit this vulnerability by revisiti...
Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) functionality of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause all BGP sessions on the device to reset. The vulnerability is due to the improper processing of specifically crafted BGP update messages. An attacker...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the TLS/SSLv3 module of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper validation of the TLS/SSLv3 packets. An attacker could exploit this vulnerability by sending a...
Cisco Server Provisioner Web Interface Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication. The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security (DTLS) function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service (DoS) condition...
Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination o...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...
Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability
A vulnerability in the Baseboard Management Controller (BMC) of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is due to improper filtering of user-supplied...
Cisco NX-OS Software Information Disclosure Vulnerability
A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
Cisco Unified Computing System FTP User Vulnerability
A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...
Cisco Unified Computing System Arbitrary Command Execution Vulnerability
A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...
Cisco IOS Software Queue Wedge Denial of Service Vulnerability
A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario...
Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities
A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified MeetingPlace Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could...
Cisco Jabber for Windows Certificate Validation Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
Cisco 9900 Series Phone Arbitrary File Download Vulnerability
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...
Cisco Nexus 1000V Insufficient VSM/VEM Authentication Vulnerability
A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module (VEM) and associated port groups. The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module (VSM). An attacker could...
Cisco ASA Software VPN Group Enumeration Vulnerability
A vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...
Cisco Unity Connection Memory Leak Denial of Service Vulnerability
Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit...
Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability
Cisco Nexus 7000 M1-Series Modules contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect handling of crafted packets processed by the affected software. An unauthenticated, remote attacker cou...
Cisco NX-OS FCIP Remote Denial of Service Vulnerability
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit...
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Cisco TelePresence Endpoint devices contain the following vulnerabilities: Cisco TelePresence API Remote Command Execution Vulnerability; Cisco TelePresence Remote Command Execution Vulnerability; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of the AP...
Cisco Digital Media Manager Privilege Escalation Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Directory Traversal Vulnerability
Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could...
Cisco Unified Communications Manager Memory Leak Vulnerability
Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software update...
Cisco Content Services Gateway Vulnerabilities