5224 matches found

Cisco, added 2015/01/23 8:25 p.m., 23 views

Cisco Hosted WebEx Meeting Center Configuration Manipulation Vulnerability

A vulnerability in the Cisco Hosted WebEx Meeting Center service could allow an unauthenticated, remote attacker to enable meeting features that were explicitly disabled by the meeting organizer or site administrator. The vulnerability is due to improper checking of certain meeting parameters whe...

CVSS 5, AI score 6.7, EPSS 0.02049
Exploits 0, References 1

Cisco, added 2015/01/06 9:52 p.m., 23 views

Cisco Jabber Guest Server HTML5 Response Disclosure

A vulnerability in Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to disclose sensitive information on the targeted system. The vulnerability is due to missing encryption on sensitive data passed via HTTP GET or POST methods by the affected software. An attacker could...

CVSS 5, AI score 6.2, EPSS 0.01822
Exploits 0, References 1

Cisco, added 2014/12/18 6:27 p.m., 23 views

Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability

A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...

CVSS 5, AI score 6.2, EPSS 0.01218
Exploits 0, References 1

Cisco, added 2014/12/12 4:59 p.m., 23 views

Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software version 8 could allow an authenticated, remote attacker to inject commands that can be executed by the underlying operating system with the privileges of the web server process. The...

CVSS 6.5, AI score 7, EPSS 0.01499
Exploits 0, References 1

Cisco, added 2014/10/14 6:31 p.m., 23 views

Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability

A vulnerability in the IP logging feature of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...

CVSS 5.4, AI score 6.3, EPSS 0.00889
Exploits 0, References 1

Cisco, added 2014/10/10 8:53 p.m., 23 views

Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability

A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP). The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networki...

CVSS 4.8, AI score 6.3, EPSS 0.00717
Exploits 0, References 1

Cisco, added 2014/09/08 4:0 p.m., 23 views

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

CVSS 7.8, AI score 6.4, EPSS 0.02584
Exploits 0, References 1

Cisco, added 2014/08/13 3:33 p.m., 23 views

Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability

A vulnerability in certain pages of the administrative web interface of Cisco Unified Communications Manager (Cisco Unified CM) and Cisco Unified IM and Presence Server (formerly Cisco Unified Presence Server) could allow an authenticated, remote attacker to perform a number of different SQL injectio...

CVSS 5.5, AI score 7.4, EPSS 0.01541
Exploits 0, References 1

Cisco, added 2014/07/23 6:39 p.m., 23 views

Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability

A vulnerability in NetFlow processing in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due to...

CVSS 6.1, AI score 6.3, EPSS 0.01205
Exploits 0, References 1

Cisco, added 2014/07/11 7:56 p.m., 23 views

Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability

A vulnerability in the Java database interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input...

CVSS 4.3, AI score 6.9, EPSS 0.01962
Exploits 0, References 1

Cisco, added 2014/06/13 6:31 p.m., 23 views

Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS. The vulnerability is due to unconstrained autonomic networking...

CVSS 4.8, AI score 6.1, EPSS 0.01148
Exploits 0, References 1

Cisco, added 2014/06/09 8:38 p.m., 23 views

Cisco AsyncOS Cross-Site Scripting Vulnerability

A vulnerability in the web management interface of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...

CVSS 4.3, AI score 5.5, EPSS 0.02426
Exploits 4, References 1

Cisco, added 2014/05/22 3:54 p.m., 23 views

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

CVSS 6.5, AI score 7.1, EPSS 0.01558
Exploits 0, References 1

Cisco, added 2014/05/22 2:24 p.m., 23 views

Cisco TelePresence System Directory Information Disclosure Vulnerability

A vulnerability in the code retrieving directory information of Cisco TelePresence System (CTS) could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager (Cisco UCM). The vulnerability is d...

CVSS 4.3, AI score 6.3, EPSS 0.01129
Exploits 0, References 1

Cisco, added 2014/05/19 6:54 p.m., 23 views

Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the Cisco Unified Web and E-mail Interaction Manager web interface. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 5.6, EPSS 0.01148
Exploits 0, References 1

Cisco, added 2014/04/30 4:19 p.m., 23 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...

CVSS 4.3, AI score 6.5, EPSS 0.0057
Exploits 0, References 1

Cisco, added 2014/04/08 5:39 p.m., 23 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the session termination function of the Cisco ONS 15454 Controller Cards could allow an authenticated, remote attacker to cause the control card to reset. The vulnerability is due to an uninitialized pointer. An attacker could exploit this vulnerability by closing sessions in a...

CVSS 4, AI score 6.6, EPSS 0.01381
Exploits 1, References 1

Cisco, added 2014/03/19 4:40 p.m., 23 views

Cisco Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in Java code on the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to close TCP ports used by the system. The vulnerability is due to improper packet processing in the Java code. An exploit could allow the attacker to create a denial of...

CVSS 5, AI score 6.4, EPSS 0.02963
Exploits 1, References 1

Cisco, added 2014/02/25 11:4 p.m., 23 views

Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability

A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to change information related to registered devices. The vulnerability is due to insufficient authentication enforcement. An...

CVSS 5, AI score 6.5, EPSS 0.0138
Exploits 0, References 1

Cisco, added 2014/02/21 3:36 p.m., 23 views

Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability

A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List (CTL) of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...

CVSS 4.3, AI score 6.7, EPSS 0.00725
Exploits 0, References 1

Cisco, added 2014/02/19 10:58 p.m., 23 views

Cisco Unified Computing System Central Software Privilege Escalation Vulnerability

A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...

CVSS 6.8, AI score 6, EPSS 0.00332
Exploits 1, References 1

Cisco, added 2014/02/13 8:39 p.m., 23 views

Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability

A vulnerability in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to valida...

CVSS 4.3, AI score 7.1, EPSS 0.01247
Exploits 0, References 1

Cisco, added 2013/12/24 6:32 p.m., 23 views

Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service Vulnerability

A vulnerability in the Multiprotocol Label Switching (MPLS) IP fragmentation function of Cisco IOS XE could allow an unauthenticated, remote attacker to cause the Cisco Packet Processor to crash. The vulnerability is due to input validation processing of the crafted MPLS IP packets. An attacker cou...

CVSS 5.4, AI score 1.9, EPSS 0.03026
Exploits 0, References 1

Cisco, added 2013/12/17 6:37 p.m., 23 views

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...

CVSS 4.3, AI score 6.7, EPSS 0.0186
Exploits 0, References 1

Cisco, added 2013/12/13 3:24 p.m., 23 views

Cisco WebEx Training Center Open Redirect Vulnerability

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could...

CVSS 4.3, AI score 1.8, EPSS 0.02117
Exploits 1, References 1

Cisco, added 2013/12/13 3:2 p.m., 23 views

Cisco WebEx Training Center Training Session Number Disclosure Vulnerability

A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to view the session number for trainings that require host approval before the host approves the attacker as an attendee. The vulnerability is due to inappropriate disclosure of sensitive information in...

CVSS 5, AI score 1.2, EPSS 0.02578
Exploits 1, References 1

Cisco, added 2013/12/09 8:48 p.m., 23 views

Cisco Cloud Portal Unauthenticated File Download Vulnerability

A vulnerability in the web interface of Cisco Cloud Portal could allow an unauthenticated, remote attacker to download certain file types from a vulnerable server. The vulnerability is due to insufficient enforcement of access controls for certain file types. An attacker could exploit this...

CVSS 5, AI score 1.8, EPSS 0.03023
Exploits 0, References 1

Cisco, added 2013/12/02 9:16 p.m., 23 views

Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability

A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...

CVSS 4, AI score 3.1, EPSS 0.00947
Exploits 0, References 1

Cisco, added 2013/11/22 4:2 p.m., 23 views

Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3, AI score 0.5, EPSS 0.00806
Exploits 0, References 1

Cisco, added 2013/11/06 8:30 p.m., 23 views

Cisco MDS 9000 NX-OS Software Denial of Service Vulnerability

A vulnerability in the supervisor of the Cisco MDS Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of Virtual Router Redundancy Protocol (VRRP) frames. An attacker could exploit this vulnerability by...

CVSS 5, AI score 2.6, EPSS 0.01885
Exploits 0, References 1

Cisco, added 2013/11/04 9:1 p.m., 23 views

Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...

CVSS 5, AI score 1.9, EPSS 0.01766
Exploits 0, References 1

Cisco, added 2013/10/23 4:0 p.m., 23 views

Cisco IOS XR Software Route Processor Denial of Service Vulnerability

Cisco IOS XR Software Releases 3.3.0 to 4.2.0 contain a vulnerability when handling fragmented packets that could result in a denial of service (DoS) condition of the Cisco CRS Route Processor cards listed in the "Affected Products" section of this advisory. The vulnerability is due to improper...

CVSS 7.1, AI score 6.3, EPSS 0.01661
Exploits 0, References 1

Cisco, added 2013/10/16 8:16 p.m., 23 views

Cisco Identity Services Engine Sponsor Portal File Access Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access files uploaded to the Sponsor Portal. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the URL...

CVSS 5, AI score 2.3, EPSS 0.01186
Exploits 0, References 1

Cisco, added 2013/10/16 6:21 p.m., 23 views

Cisco Identity Services Engine File Space Denial of Service Vulnerability

A vulnerability in the file upload management of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload multiple files to a specific location of the filesystem and exhaust disk space. The vulnerability is due to insufficient management of filesystem free space...

CVSS 6.8, AI score 2.9, EPSS 0.01061
Exploits 0, References 1

Cisco, added 2013/10/03 3:29 p.m., 23 views

Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 1.1, EPSS 0.01161
Exploits 0, References 1

Cisco, added 2013/09/18 1:58 p.m., 23 views

Cisco Unified Computing System Smart Call Home Input Validation Vulnerability

A vulnerability in Cisco Unified Computing System (UCS) Manager could allow an authenticated, local attacker to trigger a denial of service (DoS) condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...

CVSS 4.6, AI score 1.9, EPSS 0.00268
Exploits 0, References 1

Cisco, added 2013/09/06 2:4 p.m., 23 views

Cisco ASA Certificate Processing Denial of Service Vulnerability

Cisco Adaptive Security Appliance (ASA) Software versions for symmetric multi-processor (SMP) platforms contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the device to crash. The vulnerability is due to the SSL/TLS certificate handling code. An attacker could...

CVSS 5.4, AI score 2.1, EPSS 0.00726
Exploits 0, References 1

Cisco, added 2013/09/03 5:25 p.m., 24 views

Cisco IOS Software TCP ACK Storm Vulnerability

A vulnerability in the TCP stack of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an ACK storm. The vulnerability is due to improper closing of an established TCP connection. An attacker could exploit this vulnerability by sending a crafted sequence of TCP ACK and FI...

CVSS 4.3, AI score 2, EPSS 0.02362
Exploits 0, References 1

Cisco, added 2013/08/02 6:55 p.m., 23 views

Cisco Unified Communications Manager User Web Dialer Cross-Site Request Forgery Vulnerability

A vulnerability in the User WebDialer page of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerabilit...

CVSS 4.3, AI score 2.8, EPSS 0.00576
Exploits 0, References 1

Cisco, added 2013/07/23 9:2 p.m., 23 views

Cisco Unified MeetingPlace Web Conferencing Authorization Bypass Vulnerability

A vulnerability in the web framework of Cisco Unified MeetingPlace Web Conferencing Server could allow an unauthenticated, remote attacker to bypass certain access-control settings which may lead to the disclosure of information due to the attacker accessing restricted pages. The vulnerability is...

CVSS 5, AI score 1.3, EPSS 0.01396
Exploits 0, References 1

Cisco, added 2013/07/11 8:6 p.m., 23 views

Cisco TC Software Empty Password Validation Vulnerability

A vulnerability in the web portal of Cisco TelePresence endpoints running TC software could allow an unauthenticated, remote attacker to log in with any password. The vulnerability is due to a failure of the Cisco TelePresence endpoints to require an exact match for the password before the user h...

CVSS 4.3, AI score 6.9, EPSS 0.01176
Exploits 0, References 1

Cisco, added 2013/05/31 4:21 p.m., 23 views

Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability

A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...

CVSS 4.3, AI score 0.7, EPSS 0.01523
Exploits 0, References 1

Cisco, added 2013/04/02 1:48 p.m., 23 views

Cisco Connected Grid Network Management System SQL Injection Vulnerabilities

A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 5.8, AI score 2.1, EPSS 0.01143
Exploits 0, References 1

Cisco, added 2013/02/01 8:3 p.m., 23 views

Cisco Unity Express Multiple Cross-Site Request Forgery Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An...

CVSS 5, AI score 1.6, EPSS 0.012
Exploits 5, References 1

Cisco, added 2013/01/23 4:0 p.m., 23 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability; Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service...

CVSS 9, AI score 7.1, EPSS 0.01819
Exploits 0, References 1

Cisco, added 2012/08/10 9:12 p.m., 23 views

Cisco Wide Area Application Services Appliances One-Way Hash Information Disclosure Vulnerability

Cisco Wide Area Application Services Appliances software contains a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to a design error that allows user passwords to be displayed within output text as a one-way has...

CVSS 5, AI score 1.8, EPSS 0.01186
Exploits 0, References 1

Cisco, added 2012/08/09 9:12 p.m., 23 views

Cisco Emergency Responder Remote Denial of Service Vulnerability

Cisco Emergency Responder contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of malformed UDP packets by the affected software. An unauthenticated, remote...

CVSS 5, AI score 2.2, EPSS 0.01232
Exploits 0, References 1

Cisco, added 2012/08/09 8:16 p.m., 23 views

Cisco AnyConnect Secure Mobility Client IPsec Certificate Validation Vulnerability

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability exists because the affected software does not perform certificate name checking in an X.509 certificate when the software i...

CVSS 4.3, AI score 6.5, EPSS 0.00527
Exploits 0, References 1

Cisco, added 2012/08/09 8:4 p.m., 23 views

Cisco ASA 5500 Series Adaptive Security Appliance Clientless WebVPN Remote Denial of Service Vulnerability

The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use th...

CVSS 4, AI score 2.4, EPSS 0.01384
Exploits 0, References 1

Cisco, added 2012/06/20 4:0 p.m., 23 views

Cisco Application Control Engine Administrator IP Address Overlap Vulnerability

CVSS 7.1, AI score 6.2, EPSS 0.01016
Exploits 0, References 1

Total number of security vulnerabilities: 5000