5226 matches found
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 - X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 - X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory Nov 1 2022...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP inspection module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The...
Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
Intel Active Management Technology Privilege Escalation Vulnerability
On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management AMT, Intel...
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would...
Cisco Unified Communications Products Remote Code Execution Vulnerability
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remo...
Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability
A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...
Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM softwar...
Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability
A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100 percent utilization, causing a denial of service DoS condition on an affected system. The vulnerability i...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Privilege Escalation Vulnerability
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is d...
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
A vulnerability in Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account scpuser, which has default user...
Cisco Firepower Threat Defense Software Nonstandard Protocol Detection Bypass Vulnerability
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...
Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due t...
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email ECE Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability
A vulnerability in the process of uploading new application images to the Cisco Firepower 4100 Series Next-Generation Firewall NGFW and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an...
Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of servi...
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a securi...
Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System Guest OS running on an affected device. The vulnerability is due to incorrect role-based access control RBAC evaluation...
Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...
Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability
A vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges. T...
Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system...
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center FMC, when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability occur...
CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
5On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault L1TF that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacke...
Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption DROWN attack. A total of eight Common Vulnerabilities and Exposures CVEs were assigned. Of the...
Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability
A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource allocation when...
Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)
A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...
Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a...
Cisco IOS XE Software HTTP Denial of Service Vulnerability
A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to the affected software improperly parsing malformed...
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacke...
Cisco Firepower Management Center Software File and Malware Policy Bypass Vulnerability
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software...
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing...
Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...
Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability
A vulnerability in the Hot Standby Router Protocol HSRP subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker...
Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...
Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability exists because the affected...
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service DoS, or information disclosure,...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load f...
Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
A vulnerability in the Network Address Translation NAT Session Initiation Protocol SIP Application Layer Gateway ALG of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP...
Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services WAAS Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...
Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Easy Virtual Switching System VSS of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol CDP...
Cisco IOS XE Software Static Credential Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot. The vulnerability is due to an undocumented user account with...
Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...