5223 matches found
Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability
A vulnerability in the web UI of Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...
Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability
A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...
Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability
A vulnerability in the IP Version 4 IPv4 fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The...
Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability
A vulnerability in the forwarding information base FIB code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base RIB and the FIB, resulting in a denial of service DoS condition. The vulnerability is due to incorrect...
Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure...
Cisco Policy Suite RADIUS Authentication Bypass Vulnerability
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user...
Cisco D9800 Network Transport Receiver OS Command Injection Vulnerability
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this...
Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
Cisco NX-OS System Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...
Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validati...
Cisco NX-OS System Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model DOM-based, environment or client-side cross-site scripting XSS attack. The vulnerability occurs because...
Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...
Cisco Smart Net Total Care Contracts Details Page SQL Injection Vulnerability
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care SNTC Contracts Details Page could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system...
Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server CMS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability exists because the affected application does not properly validate...
Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability
A vulnerability in the web interface of the Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient...
Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service DoS condition. The vulnerability is due to...
Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a persistent cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successf...
Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability
A vulnerability in the web management interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The...
Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of...
Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Meeting Server HTTP Packet Processing Vulnerability
A vulnerability in the Web Bridge interface of the Cisco Meeting Server CMS, formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due ...
Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability
A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points APs could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. The vulnerability is...
Cisco Intercloud Fabric Director Static Credentials Vulnerability
A vulnerability in the Cisco Intercloud Fabric ICF Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. The vulnerability is due to static credentials for an internal account. An attacker could exploit this vulnerability by using the...
Cisco Emergency Responder Directory Traversal Vulnerability
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. The issue is due to improper...
Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability
A vulnerability in Advanced Malware Protection AMP for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition due to the AMP process unexpectedly restarting. The vulnerability is due to...
Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability
A cross-site request forgery CSRF vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An...
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability
A cross-site request forgery CSRF vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could...
Cisco Cloud Services Platform 2100 Command Injection Vulnerability
A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplie...
Cisco WebEx Meetings Server Remote Command Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to bypass security restrictions on a host located in a DMZ and inject arbitrary commands on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied data processed by th...
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus Sx220 Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to...
Cisco Firepower Management Center Remote Command Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance ASA 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...
Cisco Wireless LAN Controller Denial of Service Vulnerability
A vulnerability in wireless frame management service of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to insufficient handling of wireless management frames. An...
Cisco Unified Computing System Performance Manager Input Validation Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System UCS Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An...
Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web bridge that offers video via a web interface of Cisco Meeting Server Software, formerly Acano Conferencing Server, could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web interface of an affected...
Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 NCS 6000 Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the...
Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance ASA Software implementation of access control list ACL permit and deny filters for ICMP echo reply messages could allow an unauthenticated, remote attacker to bypass ACL configurations for an affected device. ICMP traffic that should be...