Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability
A vulnerability in the policy code of Cisco FireSIGHT Management Center for VMware could allow an authenticated, remote attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An...
Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys that local users add to their accounts. An attacker could exploi...
Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...
Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability
A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol (LDAP) authentication of the Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...
Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...
Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability
A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...
Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP)...
Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability
A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...
Cisco Wireless LAN Controller Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) processor of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient...
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...
Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Email Interaction Manager (EIM) and Cisco Unified Web Interaction Manager (WIM) interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...
Cisco Unified Communications Manager Multiple Vulnerabilities
Multiple vulnerabilities in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS), cross-site request forgery (XSRF), and phishing attacks on the affected software. The vulnerabilities are due to improper input validation of certain...
Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability
A vulnerability in the Overlay Transport Virtualization (OTV) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of oversized OTV frames passing through an affected...
Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...
Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...
Cisco Nexus 9000 Series Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco Nexus 9000 software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs when the High Availability (HA) policy is set to Reset in the affected software. An authenticated, remote attacker...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...
Cisco AsyncOS Software HTTP Redirect Vulnerability
A vulnerability in the web framework of Cisco AsyncOS could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a malicious website. The vulnerability is due to insufficient validation of user input before it is used as an HTTP head...
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation on several web...
Cisco Secure Access Control Server Privilege Escalation Vulnerability
A vulnerability in role-based access control in Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to take actions with an elevated authorization level. The vulnerability is due to improper privilege validation. An attacker could exploit the vulnerability by...
Cisco MDS 9000 Series Denial of Service Vulnerability
A vulnerability in the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...
Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability
The CCM Service interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerabilit...
Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability
The CCM admin interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability ...
Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability
The CCM Dialed Number Analyzer interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. T...
Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability
A vulnerability in Internet Protocol version 4 (IPv4) packet processing of the Cisco ASR901 could allow an unauthenticated, remote attacker to flood packets to the ASR901 CPU. The vulnerability is due to punting crafted IPv4 packets to the CPU for processing. An attacker could exploit this...
Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability
A vulnerability in the packet parsing code of Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due ...
Cisco NX-OS Software SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An...
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability
A vulnerability in the web-based administration interface of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a...
Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The issue is due to insufficient input validation of parameters by the web...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...
Cisco Unified Communications Manager DNA Path Traversal Vulnerability
A vulnerability in the /dna/viewfilecontents.do URL of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to view files from specific locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker...
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute...
Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability
A vulnerability in the disaster recovery system (DRS) of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An...
Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line interface (CLI) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to inject commands into the underlying operating system. The vulnerability is due to insufficient input...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability
A vulnerability in RADIUS message processing of Cisco Context Directory Agent (CDA) could allow an unauthenticated, remote attacker to affect the contents of the CDA cache. The vulnerability is due to insufficient validation of RADIUS accounting messages. An attacker could exploit this vulnerabilit...
Cisco Unified Presence Server SQL Injection Vulnerability
A vulnerability in the web interface of Cisco Unified Presence Server could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied...
Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability
A vulnerability in Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971, and Cisco Unified IP Phone 8961 could allow an authenticated, local attacker to fully compromise the affected device. The vulnerability is due to insecure file permissions on memory block devices. An attacker could explo...
Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) packet handling routine of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to stop responding to neighbor solicitation (NS) requests, causing a limited denial of service (DoS) condition. The vulnerability is due to...
Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability
A vulnerability in the phone proxy feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to temporarily insert an invalid entry in the phone proxy connection database. The vulnerability is due to the acceptance of an untrusted certificate. An attacke...
Cisco WAAS Mobile Remote Code Execution Vulnerability
Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server. Cisco has released software...
Cisco Adaptive Security Appliance Software Clientless SSL VPN Rewriter Denial of Service Vulnerability
A vulnerability in the clientless SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to a stack overflow while browsing internal resources via the clientless SSL VPN portal...
Cisco Secure Access Control System Distributed Deployment Denial of Service Vulnerability
A vulnerability in the firewall modules of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to cause certain internal processes to crash. The vulnerability is due to improper implementation of the firewall rule to limit incoming packets. An attacker could...
Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability
A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...
Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability
A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
Cisco NX-OS Software Routing Information Protocol Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) service engine of Cisco NX-OS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition by causing the RIP service engine to restart. The vulnerability is due to improper input filtering of RIP...