5223 matches found
Cisco uBR10012 Series Devices SNMP Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Unified Communications Manager Denial of Service Vulnerabilities
XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page
Multiple Vulnerabilities in the IOS FTP Server
The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This...
Cisco Online Help System Cross-Site Scripting Vulnerability
Multiple Cisco products contain a vulnerability in the Online Help System that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists because the search feature of the web-based Online Help System interface fails to sufficiently filter...
Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability
Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.22.1 contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system. The vulnerability exists...
Cisco Secure Access Control Server Accounting-Request Buffer Overflow Vulnerability
Cisco Secure Access Control Server for Windows and Cisco Secure Access Control Server Solution Engine contain a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists due to insufficient input...
Multiple Vulnerabilities in Wireless Control System
Cisco Unity Express Expired Password Reset Privilege Escalation
Buffer Overflow in UNIX VPN Client
...
Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability
A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...
Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability
A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is firs...
Cisco IOS XE Software Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. These vulnerabilities are due to insufficient input validation when processing...
Cisco IOS XR Software Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress...
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, an attacker must have valid ISE administrative credentials. These...
Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
Cisco Identity Services Engine Server-Side Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability
A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect...
Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An...
Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack Vulnerability
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...
Cisco Firepower Threat Defense Software and Cisco FXOS Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands...
Cisco AppDynamics Controller Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...
Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom...
Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploi...
Cisco Webex Meetings Email Content Injection Vulnerability
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...
Cisco IOS XR Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is du...
Cisco Integrated Management Controller Authorization Bypass Vulnerability
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attack...
Cisco SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specifi...
Cisco Firepower Management Center Software Denial of Service Vulnerability
A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. An attacker could...
Cisco Firepower Management Center Software Denial of Service Vulnerability
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit...
Cisco Firepower Management Center Software Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attack...
Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability
A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could...
Cisco Expressway Series and TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling ...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected...
Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...
Cisco Identity Services Engine Password Disclosure Vulnerability
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration page...
Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for th...
Cisco Data Center Network Manager SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could...
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static...
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this...
Cisco SD-WAN vManage Software Remote Code Execution Vulnerability
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerabilit...
Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied...
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticate...
Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient inpu...
Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition...
Cisco IOx Application Framework Local Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have...
Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability
A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this...
Cisco Firepower Threat Defense Software SSL/TLS URL Category Bypass Vulnerability
A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL. The vulnerability i...