Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...
Cisco TelePresence Video Communication Server Expressway Access Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access (MRA) endpoint. The vulnerability is due to insufficient validation of the registering phone line. An attacker coul...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed authentication messages. An attacker could exploit this...
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...
Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of the Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability...
Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence Advanced Media Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability
A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts (VDCs) could allow an authenticated, local attacker to delete files owned by a different VDC on the device. The vulnerability exists due...
Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system. The vulnerability is due to improper handling of RBAC...
Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to access data and credentials. The vulnerability is due to the exposure of sensitive information. An attacker could exploit this vulnerability to access data and credentials. Cisco has confirmed the...
Cisco IOS XR IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in IP version 6 (IPv6) processing in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the ipv6io service. The vulnerability is due to improper processing of a malformed IPv6 packet by a device configured to process such packets. An attacker...
Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability
A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN. The vulnerability is due to improper implementation ...
Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
A vulnerability within the administrative interface of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to an affected device. An unauthenticate...
Command Injection Vulnerability in Multiple Cisco TelePresence Products
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability
A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Address...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in filter search forms of certain admin webpages of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation by an affected device. An unauthenticated...
Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability
A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause a reload of the affected system. Cisco has released software updates that address this vulnerability. The resolution...
Cisco Nexus 9000 Series Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco Nexus 9000 software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs when the High Availability (HA) policy is set to Reset in the affected software. An authenticated, remote attacker...
Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability
Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released software updates that address this vulnerability. Workarounds...
Cisco Videoscape Distribution Suite for Internet Streaming Denial of Service Vulnerability
A vulnerability in the DNS subsystem of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) used by Cisco services routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of specific...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation on several web...
Cisco Hosted WebEx Meeting Center Configuration Manipulation Vulnerability
A vulnerability in the Cisco Hosted WebEx Meeting Center service could allow an unauthenticated, remote attacker to enable meeting features that were explicitly disabled by the meeting organizer or site administrator. The vulnerability is due to improper checking of certain meeting parameters whe...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...
Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software version 8 could allow an authenticated, remote attacker to inject commands that can be executed by the underlying operating system with the privileges of the web server process. The...
Cisco Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerability
A vulnerability in the web framework code of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain administrativ...
Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability
A vulnerability in certain pages of the administrative web interface of Cisco Unified Communications Manager (Cisco Unified CM) and Cisco Unified IM and Presence Server (formerly Cisco Unified Presence Server) could allow an authenticated, remote attacker to perform a number of different SQL injectio...
Cisco WebEx Meetings Server OutlookAction Class Vulnerability
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL...
Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability
A vulnerability in NetFlow processing in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due to...
Cisco Adaptive Security Appliance Software Filter and Inspect Overlap Denial of Service Vulnerability
A vulnerability in the inspection and filter features of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the affected system to reload. The vulnerability is due to an internal traffic loop condition that can be triggered when a received packet is...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in the Java database interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input...
Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability
A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
Cisco AsyncOS Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Identity Services Engine Blind SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...
Cisco TelePresence System Directory Information Disclosure Vulnerability
A vulnerability in the code retrieving directory information of Cisco TelePresence System (CTS) could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager (Cisco UCM). The vulnerability is d...
Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the Cisco Unified Web and E-mail Interaction Manager web interface. The vulnerability is due to insufficient input...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...
Cisco Hosted Collaboration Solution Denial of Service Vulnerability
A vulnerability in Java code on the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to close TCP ports used by the system. The vulnerability is due to improper packet processing in the Java code. An exploit could allow the attacker to create a denial of...
Cisco Unified Computing System Central Software Privilege Escalation Vulnerability
A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...
Multiple Vulnerabilities in Cisco IPS Software
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities: Cisco IPS Analysis Engine Denial of Service Vulnerability; Cisco IPS Control-Plane MainApp Denial of Service Vulnerability; Cisco IPS Jumbo Frame Denial of Service Vulnerability. The Cisco IPS Analysis Engin...
Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability
A vulnerability in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to valida...
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the...
Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service Vulnerability
A vulnerability in the Multiprotocol Label Switching (MPLS) IP fragmentation function of Cisco IOS XE could allow an unauthenticated, remote attacker to cause the Cisco Packet Processor to crash. The vulnerability is due to input validation processing of the crafted MPLS IP packets. An attacker cou...
Cisco WebEx Training Center Open Redirect Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could...
Cisco WebEx Training Center Training Session Number Disclosure Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to view the session number for trainings that require host approval before the host approves the attacker as an attendee. The vulnerability is due to inappropriate disclosure of sensitive information in...
Cisco Cloud Portal Unauthenticated File Download Vulnerability
A vulnerability in the web interface of Cisco Cloud Portal could allow an unauthenticated, remote attacker to download certain file types from a vulnerable server. The vulnerability is due to insufficient enforcement of access controls for certain file types. An attacker could exploit this...
Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...
Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) packet handling routine of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to stop responding to neighbor solicitation (NS) requests, causing a limited denial of service (DoS) condition. The vulnerability is due to...