Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability
A vulnerability in the DHCP process of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of crafted DHCP messages on a targeted...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. The vulnerability is due to unauthenticated IPC commands which allow software installation as...
Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The...
Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability
A vulnerability in the application programming interface (API) that supports the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access the contents of arbitrary files on an affected device. The vulnerability is due to a failur...
Cisco ASR 5000 System Architecture Evolution Gateway High CPU Utilization Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause high CPU utilization and the SNMP process may stop responding. The vulnerability is due to insufficient validati...
Cisco IOS Shell Denial of Service Vulnerability
A vulnerability in the Cisco IOS Shell could allow an authenticated, but unprivileged, local user to crash the device. The vulnerability is due to improper processing of IOS Shell commands. An attacker could repeatedly exploit this vulnerability to cause an extended denial of service. Cisco has...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by submitting...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Password Encryption Vulnerability
A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input...
Cisco Prime Optical Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Prime Optical could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of a parameter. An attacker could exploit this vulnerability by persuading a...
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this...
Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...
Cisco Unified Presence Server Sync Agent Vulnerability
A vulnerability in the Intercluster Sync Agent Service on Cisco Unified Presence Server could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to a SYN flood. An attacker could exploit this vulnerability by exceeding the tcp max...
Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability
A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time. The...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meeting Server could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing application URL requests that contain the...
Cisco Adaptive Security Appliance Information Disclosure Vulnerability
A vulnerability in the authorization code of Cisco ASA Software could allow an authenticated, remote attacker to access information stored on the file system of an affected system. The vulnerability is due to improper implementation of authorization controls when an unprivileged user tries to...
Cisco Unified Communications Manager CDR Management Vulnerability
A vulnerability in Call Detail Records (CDR) Management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to extraneous information included in the web page. An attacker could exploit thi...
Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a...
Cisco Unified Communications Manager OS Administration CSRF Vulnerability
A vulnerability in the OS Administration page of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the OS Administration web interface. The vulnerability is due to insufficient CSRF...
Cisco Unified Communications Manager Role Bypass Vulnerability
A vulnerability in the administration portal of Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to bypass role restrictions. The vulnerability is due to insufficient role restriction processing. An attacker could exploit this vulnerability by revisiti...
Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) functionality of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause all BGP sessions on the device to reset. The vulnerability is due to the improper processing of specifically crafted BGP update messages. An attacker...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the TLS/SSLv3 module of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper validation of the TLS/SSLv3 packets. An attacker could exploit this vulnerability by sending a...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the Assurance component of Cisco Prime Collaboration could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface of the affected system. The vulnerability is due to insufficient validation of user...
Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination o...
Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability
A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...
Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability
A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...
Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability
A vulnerability in the Baseboard Management Controller (BMC) of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is due to improper filtering of user-supplied...
Cisco NX-OS Software Information Disclosure Vulnerability
A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...
Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability
A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability
A vulnerability in the Baseboard Management Controller (BMC) local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...
Cisco Unified Computing System FTP User Vulnerability
A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...
Cisco Unified Computing System Arbitrary Command Execution Vulnerability
A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...
Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities
A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Jabber for Windows Certificate Validation Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...
Cisco WAAS Central Manager Remote Code Execution Vulnerability
Cisco Wide Area Application Services (WAAS), when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
Cisco 9900 Series Phone Arbitrary File Download Vulnerability
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...
Cisco Hosted Collaboration Mediation Excessive CPU Utilization Vulnerability
A vulnerability in the network stack of Cisco Hosted Collaboration Mediation could allow an unauthenticated, remote attacker to cause excessive CPU utilization on the affected system. The vulnerability is due to insufficient optimization of resources when the affected system is flooded with...
Cisco Wireless LAN Controller Telnet Denial of Service Vulnerability
A vulnerability in Cisco Wireless LAN Controller Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for remote login Telnet sessions. The vulnerability is due to improper cleanup of incorrectly terminated remote login sessions. An exploit could...
Cisco ASA Software VPN Group Enumeration Vulnerability
A vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...