5219 matches found

Cisco
added 2017/06/21 4:0 p.m. | 25 views

Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability

A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.02197
Exploits: 0 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 25 views

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

CVSS: 4.7 | AI score: 6.1 | EPSS: 0.0128
Exploits: 0 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 25 views

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00642
Exploits: 0 | References: 1

Cisco
added 2017/06/07 4:0 p.m. | 25 views

Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. The vulnerability is due to insufficient sanitization of commands that are permitted to run from the ConfD...

CVSS: 5 | AI score: 8.8 | EPSS: 0.02207
Exploits: 0 | References: 1

Cisco
added 2017/06/07 4:0 p.m. | 25 views

Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. The vulnerability is due to a lack of proper FCoE...

CVSS: 7.4 | AI score: 6.3 | EPSS: 0.00683
Exploits: 0 | References: 1

Cisco
added 2017/06/07 4:0 p.m. | 25 views

Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system. The vulnerability is due to weak, hard-coded credentials present ...

CVSS: 6.3 | AI score: 8.7 | EPSS: 0.01499
Exploits: 0 | References: 1

Cisco
added 2017/05/17 4:0 p.m. | 25 views

Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.02663
Exploits: 0 | References: 1

Cisco
added 2017/05/03 4:0 p.m. | 25 views

Cisco CallManager Express Unauthorized Access Vulnerability

A vulnerability in Cisco IOS Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.01385
Exploits: 0 | References: 1

Cisco
added 2017/04/19 4:0 p.m. | 25 views

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02479
Exploits: 0 | References: 1

Cisco
added 2017/04/05 4:0 p.m. | 25 views

Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability

A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. The vulnerability is due to lack of proper input...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.02048
Exploits: 0 | References: 1

Cisco
added 2017/03/22 4:0 p.m. | 25 views

Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability

A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.02531
Exploits: 0 | References: 1

Cisco
added 2017/03/22 4:0 p.m. | 25 views

Cisco IOS XE Software HTTP Command Injection Vulnerability

A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...

CVSS: 8.8 | AI score: 9 | EPSS: 0.03131
Exploits: 0 | References: 1

Cisco
added 2017/03/15 4:0 p.m. | 25 views

Cisco TelePresence Server API Privilege Vulnerability

A vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. The vulnerability is due to how session identification information is maintained by a specific API of the affected software. An attacker could...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.01016
Exploits: 0 | References: 1

Cisco
added 2017/03/15 4:0 p.m. | 25 views

Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.05275
Exploits: 0 | References: 1

Cisco
added 2017/03/15 4:0 p.m. | 25 views

Cisco Meshed Wireless LAN Controller Impersonation Vulnerability

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could...

CVSS: 8.8 | AI score: 9 | EPSS: 0.01394
Exploits: 0 | References: 1

Cisco
added 2017/02/15 4:0 p.m. | 25 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of sensitive files. An attacker could exploit this vulnerability by modifying parameters of a...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.01557
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 25 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing...

CVSS: 5.3 | AI score: 9 | EPSS: 0.01121
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 25 views

Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability

A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. The vulnerability is...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.00446
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 25 views

Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.02517
Exploits: 0 | References: 1

Cisco
added 2016/11/15 4:0 p.m. | 25 views

Cisco IOS XE Software Directory Traversal Vulnerability

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. The vulnerability is due to insufficient validation of files submitted to the affected installation utility...

CVSS: 1.5 | AI score: 3.9 | EPSS: 0.00296
Exploits: 0 | References: 1

Cisco
added 2016/11/02 4:0 p.m. | 25 views

Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.0308
Exploits: 0 | References: 1

Cisco
added 2016/11/02 4:0 p.m. | 25 views

Cisco Prime Home Authentication Bypass Vulnerability

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control...

CVSS: 10 | AI score: 9.5 | EPSS: 0.02702
Exploits: 0 | References: 1

Cisco
added 2016/10/19 4:0 p.m. | 25 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted...

CVSS: 5 | AI score: 7.4 | EPSS: 0.014
Exploits: 0 | References: 1

Cisco
added 2016/10/05 4:0 p.m. | 25 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allo...

CVSS: 4 | AI score: 6.2 | EPSS: 0.36617
Exploits: 5 | References: 1

Cisco
added 2016/08/31 4:0 p.m. | 25 views

Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability

A vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to write arbitrary files to any file system location that the application server has permissions to access. The vulnerability is due to lack of prop...

CVSS: 5 | AI score: 7.6 | EPSS: 0.04778
Exploits: 0 | References: 1

Cisco
added 2016/08/03 4:0 p.m. | 25 views

Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. A...

CVSS: 9 | AI score: 9 | EPSS: 0.03679
Exploits: 0 | References: 1

Cisco
added 2016/07/15 2:30 p.m. | 25 views

Cisco IOS and IOS XE Software Border Gateway Protocol Message Processing Denial of Service Vulnerability

A vulnerability in Border Gateway Protocol (BGP) message processing functions of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted BGP attributes. An attacker could exploit th...

CVSS: 4.9 | AI score: 5.2 | EPSS: 0.01355
Exploits: 0 | References: 1

Cisco
added 2016/07/11 9:30 a.m. | 25 views

Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software implementation of access control list (ACL) permit and deny filters for ICMP echo reply messages could allow an unauthenticated, remote attacker to bypass ACL configurations for an affected device. ICMP traffic that should be...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.01286
Exploits: 0 | References: 1

Cisco
added 2016/06/21 11:30 a.m. | 25 views

Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability

A vulnerability in the implementation of General Packet Radio Switching Tunneling Protocol Version 1 (GTPv1) in Cisco ASR 5000 Series Packet Data Network Gateways could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to an unexpected restart of the Session...

CVSS: 5 | AI score: 7.5 | EPSS: 0.01765
Exploits: 0 | References: 1

Cisco
added 2016/05/04 4:0 p.m. | 25 views

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability

A vulnerability in the XML application programming interface (API) of Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper...

CVSS: 9 | AI score: 9.8 | EPSS: 0.01778
Exploits: 0 | References: 1

Cisco
added 2016/04/06 4:0 p.m. | 25 views

Cisco UCS Invicta Default SSH Key Vulnerability

A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH private key that is...

CVSS: 10 | AI score: 9.7 | EPSS: 0.0302
Exploits: 0 | References: 1

Cisco
added 2016/03/10 8:0 a.m. | 25 views

Cisco Prime LAN Management Solution Default Decryption Key Vulnerability

A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks. The vulnerability is due to the presence of a default database decryption key that is share...

CVSS: 3 | AI score: 6.8 | EPSS: 0.00305
Exploits: 0 | References: 1

Cisco
added 2016/03/09 4:0 p.m. | 25 views

Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability

A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker...

CVSS: 10 | AI score: 9.9 | EPSS: 0.0685
Exploits: 0 | References: 1

Cisco
added 2016/02/10 10:0 p.m. | 25 views

Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to make changes to an affected system. The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the...

CVSS: 5 | AI score: 7.6 | EPSS: 0.01256
Exploits: 0 | References: 1

Cisco
added 2016/02/09 10:0 p.m. | 25 views

Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco Prime Collaboration server could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00358
Exploits: 0 | References: 1

Cisco
added 2016/02/03 8:30 p.m. | 25 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01009
Exploits: 0 | References: 1

Cisco
added 2016/01/28 9:0 p.m. | 25 views

Cisco Small Business 500 Series Switches Denial of Service Vulnerability

A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...

CVSS: 5.4 | AI score: 7.5 | EPSS: 0.01347
Exploits: 0 | References: 1

Cisco
added 2015/12/11 3:0 p.m. | 25 views

Cisco Integrated Management Controller Denial of Service Vulnerability

A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.02192
Exploits: 0 | References: 1

Cisco
added 2015/12/10 10:40 p.m. | 25 views

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

CVSS: 4 | AI score: 6 | EPSS: 0.00955
Exploits: 0 | References: 1

Cisco
added 2015/12/10 8:30 a.m. | 25 views

Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00981
Exploits: 0 | References: 1

Cisco
added 2015/12/10 12:0 a.m. | 25 views

Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability

A vulnerability in the web interface of Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.01786
Exploits: 0 | References: 1

Cisco
added 2015/11/17 12:0 a.m. | 25 views

Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability

A vulnerability in a user script supplied with Cisco Firepower 9000 devices could allow an authenticated, remote attacker to view any file on the device, even ones that should be restricted to authenticated users. The vulnerability is due to lack of input validation of the parameters passed to...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00966
Exploits: 0 | References: 1

Cisco
added 2015/10/19 12:0 a.m. | 25 views

Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability

A vulnerability in the Proxy Mobile IPv6 (PMIPv6) protocol implementation of the Cisco Aggregation Services Router (ASR) ASR 5000 for Cisco Code Division Multiple Access (CDMA) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the...

CVSS: 5 | AI score: 6.9 | EPSS: 0.02005
Exploits: 0 | References: 1

Cisco
added 2015/10/12 10:0 p.m. | 25 views

Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability

A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys that local users add to their accounts. An attacker could exploi...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00364
Exploits: 0 | References: 1

Cisco
added 2015/09/18 8:54 p.m. | 25 views

Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of certain DHCPv6 packets. An attacker could exploit this...

CVSS: 5 | AI score: 7 | EPSS: 0.02435
Exploits: 0 | References: 1

Cisco
added 2015/08/14 6:52 p.m. | 25 views

Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability

A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol (LDAP) authentication of the Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.01697
Exploits: 0 | References: 1

Cisco
added 2015/08/13 9:34 p.m. | 25 views

Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.02456
Exploits: 0 | References: 1

Cisco
added 2015/08/13 8:14 p.m. | 25 views

Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability

A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.01647
Exploits: 0 | References: 1

Cisco
added 2015/07/22 4:0 p.m. | 25 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper...

CVSS: 8.5 | AI score: 6.6 | EPSS: 0.02246
Exploits: 0 | References: 1

Cisco
added 2015/07/21 9:51 p.m. | 25 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of the affected system t...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00981
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000