
5223 matches found

Cisco • added 2001/07/11 3:0 p.m. • 24 views

Vulnerabilities in Cisco SN 5420 Storage Routers

...

CVSS 5 | AI score 3.2 | EPSS 0.03191
Exploits: 0 | References: 1
Cisco • added 2025/05/07 4:0 p.m. • 23 views

Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could...

CVSS 6.5 | AI score 6.7 | EPSS 0.01246
Exploits: 0 | References: 1
Cisco • added 2025/05/07 4:0 p.m. • 23 views

Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to...

CVSS 7.4 | AI score 7.6 | EPSS 0.00204
Exploits: 0 | References: 1
Cisco • added 2025/04/16 4:0 p.m. • 23 views

Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

CVSS 8.8 | AI score 8 | EPSS 0.00908
Exploits: 0 | References: 1
Cisco • added 2025/04/02 4:0 p.m. • 23 views

Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...

CVSS 7.7 | AI score 7.2 | EPSS 0.00633
Exploits: 0 | References: 1
Cisco • added 2024/10/23 4:0 p.m. • 23 views

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00448
Exploits: 0 | References: 1
Cisco • added 2024/10/23 4:0 p.m. • 23 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an...

CVSS 6.1 | AI score 6.2 | EPSS 0.00412
Exploits: 0 | References: 1
Cisco • added 2024/10/23 4:0 p.m. • 23 views

Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an...

CVSS 6.1 | AI score 5.4 | EPSS 0.00415
Exploits: 0 | References: 1
Cisco • added 2024/09/25 4:0 p.m. • 23 views

Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists...

CVSS 8.6 | AI score 8.5 | EPSS 0.00666
Exploits: 0 | References: 1
Cisco • added 2024/09/25 4:0 p.m. • 23 views

Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual...

CVSS 8.6 | AI score 8.5 | EPSS 0.00579
Exploits: 0 | References: 1
Cisco • added 2024/08/07 4:0 p.m. • 23 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. For more information about these vulnerabilities, see the Details...

CVSS 5.4 | AI score 5.2 | EPSS 0.00273
Exploits: 0 | References: 1
Cisco • added 2024/07/17 4:0 p.m. • 23 views

Cisco Webex App Vulnerabilities

Multiple vulnerabilities in Cisco Webex App could allow an unauthenticated attacker to gain access to sensitive credential information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these...

CVSS 6.4 | AI score 6 | EPSS 0.00394
Exploits: 0 | References: 1
Cisco • added 2024/03/13 4:0 p.m. • 23 views

Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly...

CVSS 5.3 | AI score 5.5 | EPSS 0.0064
Exploits: 0 | References: 1
Cisco • added 2024/03/13 4:0 p.m. • 23 views

Cisco IOS XR Software SSH Privilege Escalation Vulnerability

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00194
Exploits: 0 | References: 1
Cisco • added 2023/11/01 4:0 p.m. • 23 views

Cisco Firepower Threat Defense Software Snort 3 Detection Engine Denial of Service Vulnerability

A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a...

CVSS 4 | AI score 4.5 | EPSS 0.00543
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 23 views

Cisco Identity Services Engine Device Credential Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

CVSS 6.5 | AI score 6.4 | EPSS 0.00555
Exploits: 0 | References: 1
Cisco • added 2023/05/17 4:0 p.m. • 23 views

Cisco Identity Services Engine Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...

CVSS 4.9 | AI score 6 | EPSS 0.00839
Exploits: 0 | References: 1
Cisco • added 2022/11/09 4:0 p.m. • 23 views

Cisco Firepower Management Center Software XML External Entity Injection Vulnerability

A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a...

CVSS 4.3 | AI score 4.5 | EPSS 0.00524
Exploits: 0 | References: 1
Cisco • added 2022/04/27 4:0 p.m. • 23 views

Cisco Firepower Threat Defense Software XML Injection Vulnerability

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...

CVSS 4.4 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 1
Cisco • added 2021/11/03 4:0 p.m. • 23 views

Cisco Common Services Platform Collector Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when...

CVSS 4.9 | AI score 4.8 | EPSS 0.00964
Exploits: 0 | References: 1
Cisco • added 2020/11/04 4:0 p.m. • 23 views

Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected...

CVSS 4.3 | AI score 4.6 | EPSS 0.00838
Exploits: 0 | References: 1
Cisco • added 2020/11/04 4:0 p.m. • 23 views

Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...

CVSS 6.5 | AI score 1.4 | EPSS 0.60785
Exploits: 0 | References: 1
Cisco • added 2020/11/04 4:0 p.m. • 23 views

Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment...

CVSS 7.3 | AI score 7.5 | EPSS 0.00393
Exploits: 0 | References: 1
Cisco • added 2020/10/07 4:0 p.m. • 23 views

Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the...

CVSS 7.7 | AI score 7.4 | EPSS 0.0087
Exploits: 0 | References: 1
Cisco • added 2020/10/07 4:0 p.m. • 23 views

Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-bas...

CVSS 6.5 | AI score 1.5 | EPSS 0.00935
Exploits: 0 | References: 1
Cisco • added 2020/09/24 4:0 p.m. • 23 views

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability

A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient erro...

CVSS 8.6 | AI score 8.6 | EPSS 0.01415
Exploits: 0 | References: 1
Cisco • added 2020/08/19 4:0 p.m. • 23 views

Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

CVSS 4.6 | AI score 2.2 | EPSS 0.00502
Exploits: 0 | References: 1
Cisco • added 2020/08/19 4:0 p.m. • 23 views

Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

CVSS 4.4 | AI score 1.3 | EPSS 0.00208
Exploits: 0 | References: 1
Cisco • added 2020/08/19 4:0 p.m. • 23 views

Cisco Connected Mobile Experiences Restricted Shell Escape Vulnerability

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...

CVSS 5.1 | AI score 1.6 | EPSS 0.00282
Exploits: 0 | References: 1
Cisco • added 2020/08/05 4:0 p.m. • 23 views

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

CVSS 6.1 | AI score 1.8 | EPSS 0.00487
Exploits: 0 | References: 1
Cisco • added 2020/08/05 4:0 p.m. • 23 views

Cisco UCS Director Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interfa...

CVSS 4.8 | AI score 1.3 | EPSS 0.00617
Exploits: 0 | References: 1
Cisco • added 2020/07/29 4:0 p.m. • 23 views

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

CVSS 9.9 | AI score 9.7 | EPSS 0.01917
Exploits: 0 | References: 1
Cisco • added 2020/07/15 4:0 p.m. • 23 views

Cisco SD-WAN vManage Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating t...

CVSS 7.8 | AI score 7.7 | EPSS 0.00377
Exploits: 0 | References: 1
Cisco • added 2020/06/03 4:0 p.m. • 23 views

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell comman...

CVSS 8.8 | AI score 3.3 | EPSS 0.0095
Exploits: 0 | References: 1
Cisco • added 2020/05/20 4:0 p.m. • 23 views

Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerabili...

CVSS 6.1 | AI score 1.2 | EPSS 0.00564
Exploits: 0 | References: 1
Cisco • added 2020/04/15 4:0 p.m. • 23 views

Cisco Unified Communications Manager Path Traversal Vulnerability

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The...

CVSS 7.5 | AI score 2.6 | EPSS 0.02799
Exploits: 0 | References: 1
Cisco • added 2020/04/15 4:0 p.m. • 23 views

Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An...

CVSS 7.4 | AI score 1.1 | EPSS 0.00458
Exploits: 0 | References: 1
Cisco • added 2020/03/04 4:0 p.m. • 23 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...

CVSS 5.4 | AI score 1.7 | EPSS 0.00633
Exploits: 0 | References: 1
Cisco • added 2020/02/26 4:0 p.m. • 23 views

Cisco FXOS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a...

CVSS 6.7 | AI score 6.9 | EPSS 0.00445
Exploits: 0 | References: 1
Cisco • added 2020/02/19 4:0 p.m. • 23 views

Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...

CVSS 7.5 | AI score 1.4 | EPSS 0.01863
Exploits: 0 | References: 1
Cisco • added 2020/01/22 4:0 p.m. • 23 views

Cisco Jabber Guest Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based...

CVSS 6.1 | AI score 1.5 | EPSS 0.0084
Exploits: 0 | References: 1
Cisco • added 2020/01/22 4:0 p.m. • 23 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...

CVSS 6.5 | AI score 2.3 | EPSS 0.00536
Exploits: 0 | References: 1
Cisco • added 2020/01/08 4:0 p.m. • 23 views

Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerabili...

CVSS 6.5 | AI score 1.5 | EPSS 0.01027
Exploits: 0 | References: 1
Cisco • added 2017/08/16 4:0 p.m. • 23 views

Cisco Elastic Services Controller Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...

CVSS 6.1 | AI score 6.1 | EPSS 0.00868
Exploits: 0 | References: 1
Cisco • added 2017/08/02 4:0 p.m. • 23 views

Cisco Jabber Guest Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...

CVSS 6.1 | AI score 6 | EPSS 0.01234
Exploits: 0 | References: 1
Cisco • added 2017/07/05 4:0 p.m. • 23 views

Cisco IOS XR Software Incorrect Permissions Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this...

CVSS 6.7 | AI score 7.3 | EPSS 0.00318
Exploits: 0 | References: 1
Cisco • added 2017/06/21 4:0 p.m. • 23 views

Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. The vulnerability is due to insufficient session management during user authentication. An attacker could exploit this...

CVSS 5.9 | AI score 5.7 | EPSS 0.0153
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Ultra Services Framework Element Manager Insecure Default Account Information Vulnerability

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user. The vulnerability is due to a user account that has a default and static password. An attacker could exploit this...

CVSS 6.3 | AI score 8.9 | EPSS 0.02276
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files...

CVSS 4.3 | AI score 6.3 | EPSS 0.01449
Exploits: 0 | References: 1
Cisco • added 2017/06/07 4:0 p.m. • 23 views

Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

CVSS 5.5 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5000