5223 matches found

Cisco
added 2015/09/16 4:0 p.m. | 22 views

Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...

CVSS: 8.5 | AI score: 6.4 | EPSS: 0.02644
Exploits: 0 | References: 1

Cisco
added 2015/09/16 4:0 p.m. | 22 views

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance

Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...

CVSS: 9 | AI score: 6.4 | EPSS: 0.02644
Exploits: 0 | References: 1

Cisco
added 2015/08/18 8:26 p.m. | 22 views

Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. The vulnerability is due to insufficient input validation of user-supplied...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.02314
Exploits: 0 | References: 1

Cisco
added 2015/08/13 8:14 p.m. | 22 views

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01648
Exploits: 0 | References: 1

Cisco
added 2015/07/28 8:43 p.m. | 22 views

Cisco UCS Central Software File Access Vulnerability

A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01729
Exploits: 0 | References: 1

Cisco
added 2015/07/15 12:12 a.m. | 22 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00996
Exploits: 0 | References: 1

Cisco
added 2015/07/13 10:48 p.m. | 22 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks. The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01546
Exploits: 0 | References: 1

Cisco
added 2015/07/01 8:38 p.m. | 22 views

Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability

A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. The vulnerability is due to improper input validation of special characters within filenames. An attacker could...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00425
Exploits: 0 | References: 1

Cisco
added 2015/06/30 9:33 p.m. | 22 views

Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability

A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts (VDCs) could allow an authenticated, local attacker to delete files owned by a different VDC on the device. The vulnerability exists due...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.00378
Exploits: 0 | References: 1

Cisco
added 2015/06/26 5:24 p.m. | 22 views

Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system. The vulnerability is due to improper handling of RBAC...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.01409
Exploits: 0 | References: 1

Cisco
added 2015/06/19 9:15 p.m. | 22 views

Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) code of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to crash an affected device. The vulnerability is due to an error in parsing a malformed LLDP packet. An attacker could exploit this vulnerability by sending a...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00815
Exploits: 0 | References: 1

Cisco
added 2015/06/16 7:35 p.m. | 22 views

Cisco Prime Collaboration Manager SQL Injection Vulnerability

A vulnerability in the Cisco Prime Collaboration Manager interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An...

CVSS: 6.4 | AI score: 7.1 | EPSS: 0.0186
Exploits: 0 | References: 1

Cisco
added 2015/06/02 10:48 p.m. | 22 views

Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability

A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to obtain sensitive information. The Cisco Unified MeetingPlace application does not always properly validate the session ID in the HTTP URL. This could allow an attacker to obtain...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01948
Exploits: 0 | References: 1

Cisco
added 2015/06/02 9:27 p.m. | 22 views

Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability

A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN. The vulnerability is due to improper implementation ...

CVSS: 4 | AI score: 6.6 | EPSS: 0.02026
Exploits: 0 | References: 1

Cisco
added 2015/05/29 9:51 p.m. | 22 views

Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability

A vulnerability in the web-based user interface of Cisco Unified MeetingPlace could allow an authenticated, remote attacker to gain read access to select information stored on the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01614
Exploits: 0 | References: 1

Cisco
added 2015/05/29 8:9 p.m. | 22 views

Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01546
Exploits: 0 | References: 1

Cisco
added 2015/05/29 8:9 p.m. | 22 views

Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability

A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request. The vulnerability is due to improper input validation of an HTTP request header. An attacker could exploit...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.01818
Exploits: 0 | References: 1

Cisco
added 2015/05/13 4:0 p.m. | 22 views

Command Injection Vulnerability in Multiple Cisco TelePresence Products

A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS: 9 | AI score: 6.8 | EPSS: 0.02891
Exploits: 0 | References: 1

Cisco
added 2015/05/06 4:0 p.m. | 22 views

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS: 10 | AI score: 7.4 | EPSS: 0.04514
Exploits: 0 | References: 1

Cisco
added 2015/04/29 9:36 p.m. | 22 views

Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability

A vulnerability in HTTP packet processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the session manager service on the affected device. The vulnerability is due to improper processing of malformed HTTP packets. An...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01242
Exploits: 0 | References: 1

Cisco
added 2015/01/23 7:55 p.m. | 22 views

Cisco WebEx Meetings Server Authentication Bypass Vulnerability

A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access. The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sendin...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.01373
Exploits: 0 | References: 1

Cisco
added 2014/10/14 6:31 p.m. | 22 views

Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability

A vulnerability in the IP logging feature of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00889
Exploits: 0 | References: 1

Cisco
added 2014/10/10 8:53 p.m. | 22 views

Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability

A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP). The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networki...

CVSS: 4.8 | AI score: 6.3 | EPSS: 0.00717
Exploits: 0 | References: 1

Cisco
added 2014/10/08 7:28 p.m. | 22 views

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability

A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition. The vulnerability is due to improper...

CVSS: 4 | AI score: 6.6 | EPSS: 0.01345
Exploits: 0 | References: 1

Cisco
added 2014/09/08 4:0 p.m. | 22 views

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.02584
Exploits: 0 | References: 1

Cisco
added 2014/07/16 4:0 p.m. | 22 views

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...

CVSS: 10 | AI score: 7.5 | EPSS: 0.06955
Exploits: 0 | References: 1

Cisco
added 2014/07/14 1:6 p.m. | 22 views

Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability

A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...

CVSS: 6.8 | AI score: 2.6 | EPSS: 0.01702
Exploits: 0 | References: 1

Cisco
added 2014/07/08 1:51 p.m. | 22 views

Cisco IOS XR Software Punt Policer Denial of Service Vulnerability

A vulnerability in the implementation of the punt policer on Trident line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to overload the CPU on the Trident line card or route processor (RP) and eventually cause a denial of service (DoS)...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.02798
Exploits: 0 | References: 1

Cisco
added 2014/06/13 6:31 p.m. | 22 views

Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS. The vulnerability is due to unconstrained autonomic networking...

CVSS: 4.8 | AI score: 6.1 | EPSS: 0.01148
Exploits: 0 | References: 1

Cisco
added 2014/04/08 5:39 p.m. | 22 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the session termination function of the Cisco ONS 15454 Controller Cards could allow an authenticated, remote attacker to cause the control card to reset. The vulnerability is due to an uninitialized pointer. An attacker could exploit this vulnerability by closing sessions in a...

CVSS: 4 | AI score: 6.6 | EPSS: 0.01381
Exploits: 1 | References: 1

Cisco
added 2014/04/03 8:0 p.m. | 22 views

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

A vulnerability in the CERUserServlet pages of the Cisco Emergency Responder (Cisco ER) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco ER web interface. The vulnerability is due to insufficient CSRF protections on the Cisco ER w...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00643
Exploits: 0 | References: 1

Cisco
added 2014/02/27 10:52 p.m. | 22 views

Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability

A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00818
Exploits: 0 | References: 1

Cisco
added 2014/02/25 11:4 p.m. | 22 views

Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability

A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to change information related to registered devices. The vulnerability is due to insufficient authentication enforcement. An...

CVSS: 5 | AI score: 6.5 | EPSS: 0.0138
Exploits: 0 | References: 1

Cisco
added 2014/02/21 3:36 p.m. | 22 views

Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability

A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List (CTL) of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00725
Exploits: 0 | References: 1

Cisco
added 2014/02/13 8:39 p.m. | 22 views

Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability

A vulnerability in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to valida...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01247
Exploits: 0 | References: 1

Cisco
added 2014/01/24 3:38 p.m. | 22 views

Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability

A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager (VSOM) could allow an unauthenticated, remote attacker to access the MySQL database. The vulnerability is due to insufficient authentication controls. An attacker could exploit thi...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.01596
Exploits: 0 | References: 1

Cisco
added 2014/01/16 7:18 p.m. | 22 views

Cisco Secure ACS RMI Arbitrary File Read Vulnerability

A vulnerability in the Remote Method Invocation (RMI) interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.01405
Exploits: 0 | References: 1

Cisco
added 2014/01/15 4:0 p.m. | 22 views

Multiple Vulnerabilities in Cisco Secure Access Control System

Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the...

CVSS: 8.5 | AI score: 7 | EPSS: 0.05929
Exploits: 0 | References: 1

Cisco
added 2013/12/17 6:37 p.m. | 22 views

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.0186
Exploits: 0 | References: 1

Cisco
added 2013/12/13 7:8 p.m. | 22 views

Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.02059
Exploits: 1 | References: 1

Cisco
added 2013/12/13 7:6 p.m. | 22 views

Cisco WebEx Sales Center Open Redirect Vulnerability

A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...

CVSS: 4.3 | AI score: 1.7 | EPSS: 0.02117
Exploits: 1 | References: 1

Cisco
added 2013/11/06 4:0 p.m. | 22 views

Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability

A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank...

CVSS: 10 | AI score: 6.7 | EPSS: 0.02096
Exploits: 0 | References: 1

Cisco
added 2013/11/04 9:1 p.m. | 22 views

Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...

CVSS: 5 | AI score: 1.9 | EPSS: 0.01766
Exploits: 0 | References: 1

Cisco
added 2013/10/10 5:32 p.m. | 22 views

Cisco Unified IP Phone 8900/9900 Series Crafted SDP Packet Vulnerability

A vulnerability in the SDP negotiation logic of the Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and the Cisco Unified IP Phone 8961 could allow an unauthenticated, remote attacker to cause the phone to reboot. The vulnerability is due to improper processing of crafted SDP...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.01816
Exploits: 0 | References: 1

Cisco
added 2013/09/30 8:3 p.m. | 22 views

Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability

A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds. The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01284
Exploits: 0 | References: 1

Cisco
added 2013/09/06 2:4 p.m. | 22 views

Cisco ASA Certificate Processing Denial of Service Vulnerability

Cisco Adaptive Security Appliance (ASA) Software versions for symmetric multi-processor (SMP) platforms contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the device to crash. The vulnerability is due to the SSL/TLS certificate handling code. An attacker could...

CVSS: 5.4 | AI score: 2.1 | EPSS: 0.00726
Exploits: 0 | References: 1

Cisco
added 2013/09/04 4:0 p.m. | 22 views

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.03189
Exploits: 0 | References: 1

Cisco
added 2013/07/22 8:43 p.m. | 22 views

Cisco Unified Operations Manager HTTP Header Injection Vulnerability

A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.01792
Exploits: 0 | References: 1

Cisco
added 2013/07/17 4:7 p.m. | 22 views

Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability

Cisco Unified Communication Manager (Unified CM) contains a vulnerability that could allow an unauthenticated, remote attacker to execute a blind Structured Query Language (SQL) injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker...

CVSS: 6.4 | AI score: 2.3 | EPSS: 0.0113
Exploits: 0 | References: 1

Cisco
added 2013/07/11 8:14 p.m. | 22 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the IptAccountMgmt, IptFeatureDisplayPolicyMgmt, IptFeatureConfigTemplateMgmt, and IptProviderMgmt pages of the Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is due to...

CVSS: 4.3 | AI score: 1 | EPSS: 0.00942
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5000