Cisco Unified MeetingPlace Server Cross-Site Scripting Vulnerability

Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...

Cisco Unity Express Cross-Site Scripting Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...

Cisco Carrier Routing System Small Packets Denial of Service Vulnerability

Cisco Carrier Routing System CRS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to the improper handling of malformed packets processed by the affected software. An...

Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affecte...

Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability

The Catalyst 4500E series switch with Supervisor Engine 7L-E contains a denial of service DoS vulnerability when processing specially crafted packets that can cause a reload of the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this...

Multiple Vulnerabilities in Cisco TelePresence Recording Server

Cisco TelePresence Recording Server contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability Cisco TelePresence Web Interface Command Injection Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability Exploitation of...

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure...

Cisco IOS Software Zone-Based Firewall Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Small Business SRP 500 Series Multiple Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Show and Share File Upload Arbitrary Code Execution Vulnerability

Cisco Show and Share contains a vulnerability that could allow an authenticated, remote attacker to execute code on a vulnerable device. The vulnerability is due to insecure restrictions when allowing videos to be uploaded to an affected device. An authenticated, remote attacker with privileges t...

Directory Traversal Vulnerability in Cisco Network Admission Control Manager

Cisco Network Admission Control NAC Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released software updates that address this vulnerability. This...

Multiple Vulnerabilities in Cisco TelePresence Recording Server

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Vulnerabilities in Cisco Network Building Mediator

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Unified Communications Manager Express Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS Software Object-group Access Control List Bypass Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Firewall Services Module Crafted ICMP Message Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Vulnerabilities in Cisco Video Surveillance Products

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco ASA Adaptive Security Appliance Clientless SSL VPN CIFS and FTP Credential Theft Vulnerability

Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that have been configured to accept Clientless SSL VPN connections contain a vulnerability that could allow an unauthenticated, remote attacker to steal user account credentials. Versions 7.x are not...

Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS IPS Denial of Service Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CiscoWorks Common Services Arbitrary Code Execution Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Application Inspection Vulnerability in Cisco Firewall Services Module

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Security Agent for Linux Port Scan Denial of Service

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco VPN 3000 Concentrator FTP Management Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Crafted IPv6 Packets Cause Reload

...

Cisco IOS Malformed BGP Packet Causes Reload

...

Vulnerabilities in SNMP Message Processing

...

Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability

...

HTTP GET Vulnerability in AP1x00

...

Cisco IOS XE Software Web-Based Management Interface Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco IOS XE Software could allow a remote attacker to read files from the underlying operating system, read limited parts of the configuration file, clear the syslog, or conduct a cross-site request forgery CSRF attack on an...

Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could...

Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

Cisco Enterprise Chat and Email Denial of Service Vulnerability

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit thi...

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 IKEv2 protocol for VPN termination of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

Cisco Webex App Vulnerabilities

Multiple vulnerabilities in Cisco Webex App could allow an unauthenticated attacker to gain access to sensitive credential information. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has released software updates that address these...

Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

A vulnerability in the DHCP version 4 DHCPv4 server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service DoS condition. This vulnerability exists because certain DHCPv4 messages are improperly...

Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service DoS condition. This vulnerability is due to the incorrect handling of specific Ethernet...

Cisco Firepower Threat Defense Software Snort 3 Detection Engine Denial of Service Vulnerability

A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Multiple Certificate Authentication Bypass Vulnerability

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid...

Cisco Meeting Server Web Bridge Denial of Service Vulnerability

A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending...

Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control SD-AVC on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists...

Cisco IP Phone Duplicate Key Vulnerability

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager CUCM is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...

Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This...

Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability

A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloadin...

Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities

Multiple vulnerabilities in Cisco Redundancy Configuration Manager RCM for Cisco StarOS Software could allow a unauthenticated, remote attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of the configured container. For more information about...

Cisco SD-WAN vManage Software Command Injection Vulnerability

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the...