Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing...
Cisco Small Business 500 Series Switches Denial of Service Vulnerability
A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...
Cisco Integrated Management Controller Denial of Service Vulnerability
A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a...
Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...
Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability
A vulnerability in the web interface of Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient...
Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability
A vulnerability in a user script supplied with Cisco Firepower 9000 devices could allow an authenticated, remote attacker to view any file on the device, even ones that should be restricted to authenticated users. The vulnerability is due to lack of input validation of the parameters passed to...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a crafte...
Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add to their accounts. An attacker could exploi...
Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of certain DHCPv6 packets. An attacker could exploit this...
Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability
A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol (LDAP) authentication of the Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...
Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...
Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability
A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...
Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP)...
Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...
Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to generate malformed Domain-Based Message Authentication, Reporting, and Conformance (DMARC) policy records to the targeted system. The vulnerability occurs because the affected ESA is not abl...
Cisco Packet Data Network Gateway IP Stack Denial of Service Vulnerability
A vulnerability in the IP stack of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) of the Session Manager service when a malformed IP packet is received. The vulnerability is due to improper input validation of...
Cisco Wireless LAN Controller Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) processor of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient...
Cisco Unified MeetingPlace Plain Text Password Information Disclosure Vulnerability
A vulnerability in Cisco Unified MeetingPlace could allow an authenticated, remote attacker to view passwords in plain text. The vulnerability is due to the inclusion of sensitive information in the web page source code of the affected software. An attacker could exploit this vulnerability to vie...
Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability
A vulnerability in the web-based administrative interface of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to enumerate valid usernames and determine if the usernames have administrative privileges. The vulnerability is due to a logic error in the handling of invalid...
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...
Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Email Interaction Manager (EIM) and Cisco Unified Web Interaction Manager (WIM) interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...
Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...
Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability
A vulnerability in the Overlay Transport Virtualization (OTV) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of oversized OTV frames passing through an affected...
Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...
Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability
A vulnerability in the web authentication feature of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by...
Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability
The Cisco Intrusion Prevention System (IPS) Software has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this...
Cisco AsyncOS Software HTTP Redirect Vulnerability
A vulnerability in the web framework of Cisco AsyncOS could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a malicious website. The vulnerability is due to insufficient validation of user input before it is used as an HTTP head...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the INSERT page of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco PI web interface. The vulnerability is due to insufficient CSRF protections on the Cisco PI web interface. An...
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...
Cisco Secure Access Control Server Privilege Escalation Vulnerability
A vulnerability in role-based access control in Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to take actions with an elevated authorization level. The vulnerability is due to improper privilege validation. An attacker could exploit the vulnerability by...
Cisco MDS 9000 Series Denial of Service Vulnerability
A vulnerability in the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Cisco Unified Computing System Manager Information Disclosure Vulnerability
A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this...
Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...
Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability
The CCM admin interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability ...
Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability
The CCM Dialed Number Analyzer interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. T...
Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability
A vulnerability in Internet Protocol version 4 (IPv4) packet processing of the Cisco ASR901 could allow an unauthenticated, remote attacker to flood packets to the ASR901 CPU. The vulnerability is due to punting crafted IPv4 packets to the CPU for processing. An attacker could exploit this...
Cisco Unified Communications Manager Cross-Site Redirection Vulnerability
A vulnerability in the web framework code of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of a parameter. Cisco has confirmed the...
Cisco NX-OS Software SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An...
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability
A vulnerability in the web-based administration interface of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a...
Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The issue is due to insufficient input validation of parameters by the web...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute...
Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line interface (CLI) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to inject commands into the underlying operating system. The vulnerability is due to insufficient input...
Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability
A vulnerability in the Enterprise License Manager (ELM) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access underlying ELM files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this...
Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to join meetings they have not been authorized to attend or to end meetings for which they are not the host. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability
A vulnerability in RADIUS message processing of Cisco Context Directory Agent (CDA) could allow an unauthenticated, remote attacker to affect the contents of the CDA cache. The vulnerability is due to insufficient validation of RADIUS accounting messages. An attacker could exploit this vulnerabilit...