5224 matches found
Cisco WebEx Meetings Server OutlookAction Class Vulnerability
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL...
Cisco WebEx Meetings Server Stack Trace Vulnerability
A vulnerability in the ProfileAction controller of Cisco WebEx Meetings Server CWMS could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of returned messages. An attacker could exploit this vulnerability by submitting...
Cisco Adaptive Security Appliance Software Filter and Inspect Overlap Denial of Service Vulnerability
A vulnerability in the inspection and filter features of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause the affected system to reload. The vulnerability is due to an internal traffic loop condition that can be triggered when a received packet is...
Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability
A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface XML PI of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability
A vulnerability in Hot Standby Router Protocol HSRP authentication in the Cisco Nexus series could allow an unauthenticated, adjacent attacker to affect the state of HSRP group members and cause black holing of traffic. The vulnerability is due to incorrect parsing of malformed HSRP packets. An...
Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability
A vulnerability in Cisco IP Manager Assistant IPMA of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is due to improper validation of user input. An attacker could...
Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Cisco IP Manager Assistant IPMA interface of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is d...
Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability
A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to gain elevated privileges. The vulnerability is due to insufficient file permissions. An attacker coul...
Cisco MediaSense Open Redirection Vulnerability
A vulnerability in a specific URL parameter of Cisco MediaSense could allow an unauthenticated, remote attacker to perform site redirection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a desired remote site URL in the affect...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An attacke...
Cisco IOS Software ICMP Processing Denial of Service Vulnerability
A vulnerability in IPSec tunnel implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to change the tunnel MTU or path MTU and potentially cause IPSec tunnels to drop. The vulnerability is due to incorrect processing of certain ICMP packets. An attacker could exploi...
Cisco IOS Software MLDP Denial of Service Vulnerability
A vulnerability in MLDP processing of Cisco IOS Software on Cisco 7600 Series routers could allow an unauthenticated, remote attacker to cause a reload of the affected device, which could lead to a denial of service DoS condition. The vulnerability is due to chunk corruption when MLDP and a large...
Cisco IOS XE Software AAA DHCP Denial of Service Vulnerability
A vulnerability in a DHCP function that assigns IP addresses to AAA clients on Cisco IOS XE Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of AAA packets that require IP address assignment from a DHC...
Cisco Unified Communications Manager Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to improper parsing of a SIP message. An attacker could exploit this vulnerability by sending a specific SIP...
Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability
A vulnerability in the image upgrade facility of Cisco Unified IP Phones 9900 Series could allow an authenticated, local attacker to execute commands within the context of the underlying operating system. The vulnerability is due to insufficient sanitization of input during the image upgrade...
Cisco IOS Software DHCP Server remember Functionality Vulnerability
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...
Cisco Firewall Services Module Command Authorization Vulnerability
A vulnerability in the authorization code of the Cisco Firewall Services Module FWSM could allow an authenticated but unprivileged, local attacker to delete, modify, or view the configuration of any other context of the affected system. The vulnerability is due to insufficient authorization...
Cisco NX-OS Software Routing Information Protocol Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol RIP service engine of Cisco NX-OS Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition by causing the RIP service engine to restart. The vulnerability is due to improper input filtering of RIP...
Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability
A vulnerability in the Media Snapshot code of Cisco TelePresence Multipoint Switch CTMS could allow an authenticated, remote attacker to cause the reload of the affected system, creating a denial of service DoS condition. The vulnerability is due to a failure in handling requests for Media Snapsh...
Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
A vulnerability in the Zone-Based Firewall ZBFW component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IO...
Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability
A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...
Cisco Unified Computing System Cisco Management Controller Command Injection Vulnerability
A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operation system with elevated privileges. The vulnerability is due to improper parameter input validation. An attacker could...
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
Cisco Unified Communications Manager IM and Presence Service contains a denial of service DoS vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Exploitation of this vulnerability could cause an interruption of presence services. Cisco h...
Cisco TelePresence System Default Credentials Vulnerability
A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials. The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by...
Cisco WAAS Central Manager Remote Code Execution Vulnerability
Cisco Wide Area Application Services WAAS when configured as Central Manager CM, contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that...
Cisco ASA Software Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN portal login page of the Cisco ASA could allow an unauthenticated, remote attacker to execute cross-site scripting XSS attacks or hijack user sessions. The vulnerability is due to a failure to properly validate user-supplied input in the WebVPN portal login page. An...
Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability
A vulnerability in processing network traffic of the Cisco Unified IP Conference Station 7937G could allow an unauthenticated, remote attacker to create a denial of service DoS condition on the affected device. The vulnerability is due to resource constraints in processing a high rate of network...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in the web interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco unified communications management products could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validati...
Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability
A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Communications Manager CUCM could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Video Surveillance Operations Manager Help Page Redirect Vulnerability
A vulnerability in the help page of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to load remote web pages on a victim's web browser. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability
A vulnerability in the Connection Manager component of Cisco Jabber Extensible Communications Platform Jabber XCP could allow an unauthenticated, remote attacker to crash the login connection manager service. The vulnerability is due to insufficient checking of received login data. An attacker...
Cisco Tivoli Business Service Manager Denial of Service Vulnerability
Cisco Tivoli Business Service Manager TBSM, which is part of Cisco Hosted Collaboration Mediation HCM, contains a vulnerability that could allow an unauthenticated, remote attacker to cause a partial denial of service DoS. An attacker could exploit this vulnerability by sending a flood of TCP...
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
A vulnerability in Cisco Adaptive Security Appliance ASA Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released software...
Cisco IP Communicator Certificate Trust List Man-in-the-Middle Attack Vulnerability
Cisco IP Communicator contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on a targeted system. The vulnerability is due insufficient validation of signing certificates in the Certificate Trust List which have been accepted by end...
Cisco AnyConnect Secure Mobility Client and Secure Desktop WebLaunch Software Downgrade Vulnerability
Cisco AnyConnect Secure Mobility Client and Secure Desktop contain a vulnerability that could allow an unauthenticated, remote attacker to replace software components on a targeted system. The vulnerability exists because the affected software performs insufficient validation of user-supplied...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability is due to insufficient validation of user-supplied input that is received by the 64-bit Java applet that perfor...
Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities
Cisco Unified Operations Manager contains multiple cross-site scripting vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input to certain scripts that make up the...
Cisco Unified Communications Manager Potential SQL Injection Vulnerability
Cisco Unified Communications Manager contains a vulnerability that could allow an unauthenticated, remote attacker to conduct SQL injection on a vulnerable system. The vulnerability is in a JavaServer Pages JSP script due to insufficient checks on user-supplied input. An unauthenticated, remote...
Multiple Vulnerabilities in Cisco Firewall Services Module
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco ASA Adaptive Security Appliance Software Clientless SSL VPN Rot13-Encoded Cross-Site Scripting Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that have been configured to accept Clientless SSL VPN connections contain a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script or HTML co...
Cisco Service Control Engine Denial of Service Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in the Cisco Wireless Control System
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability
Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System IOS are vulnerable to an attack from a Multi Protocol Label Switching MPLS packet. Only the systems that are running in Hybrid Mode Catalyst OS CatOS software on the Supervisor Engine and I...
Cisco Firewall Services Module HTTPS Request Denial of Service Vulnerability
Cisco Firewall Services Module versions prior to 3.13.18 contain a vulnerability that could allow an unauthenticated, remote attacker to create a temporary denial of service DoS condition. The vulnerability is due to an error when handling malformed HTTPS requests on devices that are configured t...
Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
LDAP Connection Leak in CTI when User Authentication Fails
...
Data Leak with Cisco Express Forwarding Enabled
...