Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability

A vulnerability in the IP logging feature of Cisco Intrusion Prevention System IPS Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...

Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability

A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks RPL of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane ACP. The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networki...

Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability

A vulnerability in the web framework of Cisco Intrusion Prevention System IPS Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service DoS condition. The vulnerability is due to improper...

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller Cisco IMC SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...

Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability

A vulnerability in the WebVPN Common Internet File System CIFS access function of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...

Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability

A vulnerability in the Dialed Number Analyzer DNA of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against the user of a web interface. The vulnerability is due to insufficient input validation of a parameter in t...

Cisco IOS XR Software Punt Policer Denial of Service Vulnerability

A vulnerability in the implementation of the punt policer on Trident line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to overload the CPU on the Trident line card or route processor RP and eventually cause a denial of service DoS...

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Cisco Unified Communications Domain Manager Cisco Unified CDM is affected by the following vulnerabilities: Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability Cisco Unified Communications Domain Manager Default SSH Key Vulnerability Cisco Unified Communications Domain...

Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the multicast Domain Name System mDNS used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS. The vulnerability is due to unconstrained autonomic networking...

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the session termination function of the Cisco ONS 15454 Controller Cards could allow an authenticated, remote attacker to cause the control card to reset. The vulnerability is due to an uninitialized pointer. An attacker could exploit this vulnerability by closing sessions in a...

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

A vulnerability in the CERUserServlet pages of the Cisco Emergency Responder Cisco ER could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack against the Cisco ER web interface. The vulnerability is due to insufficient CSRF protections on the Cisco ER w...

Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability

A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Contact Center Express Cisco Unified CCX could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could...

Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability

A vulnerability in the Certificate Authority Proxy Function CAPF of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to change information related to registered devices. The vulnerability is due to insufficient authentication enforcement. An...

Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability

A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List CTL of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...

Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager UCM Unified CallManager Interactive Voice Response CMIVR interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...

Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability

A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager VSOM could allow an unauthenticated, remote attacker to access the MySQL database. The vulnerability is due to insufficient authentication controls. An attacker could exploit thi...

Cisco Secure ACS RMI Arbitrary File Read Vulnerability

A vulnerability in the Remote Method Invocation RMI interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller TNC could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...

Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...

Cisco WebEx Sales Center Open Redirect Vulnerability

A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...

Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability

A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank...

Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution HCS could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...

Cisco Unified IP Phone 8900/9900 Series Crafted SDP Packet Vulnerability

A vulnerability in the SDP negotiation logic of the Cisco Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and the Cisco Unified IP Phone 8961 could allow an unauthenticated, remote attacker to cause the phone to reboot. The vulnerability is due to improper processing of crafted SDP...

Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability

A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds. The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this...

Cisco ASA Certificate Processing Denial of Service Vulnerability

Cisco Adaptive Security Appliance ASA Software versions for symmetric multi-processor SMP platforms contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the device to crash. The vulnerability is due to the SSL/TLS certificate handling code. An attacker could...

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format WRF and Advanced Recording Format ARF Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary...

Cisco Finesse User Data in Query Vulnerability

A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data. The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query...

Cisco Unified Operations Manager HTTP Header Injection Vulnerability

A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...

Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability

Cisco Unified Communication Manager Unified CM contains a vulnerability that could allow an unauthenticated, remote attacker to execute a blind Structured Query Language SQL injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker...

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the IptAccountMgmt, IptFeatureDisplayPolicyMgmt, IptFeatureConfigTemplateMgmt, and IptProviderMgmt pages of the Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is due to...

Cisco Virtualization Experience Client Privilege Escalation Vulnerability

A vulnerability in the function handling the operating system permissions of Cisco Virtualization Experience Client 6000 Series could allow an authenticated, local attacker to take full control of the affected system. The vulnerability is due to improper implementation of the permissions for the...

Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability

A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...

Cisco Nexus 7000 Frame Forwarding Loop Denial of Service Vulnerability

Cisco NX-OS Software running on Nexus 7000 Series Switches contains a vulnerability that could allow an unauthenticated, remote attacker with access to an adjacent network to cause a denial of service DoS condition. The vulnerability is due to mishandling of a specific type of nonstandard Etherne...

Cisco Adaptive Security Appliance Software and Firewall Services Module Software Time-Range Object Access List Bypass Vulnerability

A vulnerability in the implementation of the time-range object could allow an unauthenticated, remote attacker to bypass access lists that are using the time-range option. The vulnerability is due to improper implementation of the code for the time-range object, when the periodic command is used...

Cisco TelePresence Infrastructure Denial of Service Vulnerability

Cisco TelePresence multipoint control unit MCU and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate thi...

Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Privilege Elevation Vulnerability

The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains multiple vulnerabilities that could allow a local, unprivileged user to elevate privileges to those of SYSTEM. Cisco has confirmed the vulnerability in a security notice and software updates are...

Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability

Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...

Cisco NAC Appliance Cross-Site Scripting Vulnerability

Cisco NAC Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could explo...

Cisco Unity Express Cross-Site Scripting Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...

Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability

Cisco Unified IP Phones 7900 Series versions 9.31SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kerne...

Cisco IOS Software DHCP Denial of Service Vulnerability

Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload. Cisco has...

Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

A denial of service DoS vulnerability exists in Cisco Unified Presence and Jabber Extensible Communications Platform Jabber XCP. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted Extensible Messaging and Presence Protocol XMPP stream header to an...

Cisco AnyConnect Secure Mobility Client IPsec Certificate Validation Vulnerability

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability exists because the affected software does not perform certificate name checking in an X.509 certificate when the software i...

Cisco ASA 5500 Series Adaptive Security Appliance Clientless WebVPN Remote Denial of Service Vulnerability

The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use th...

Cisco Application Control Engine Administrator IP Address Overlap Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Small Business SRP500 Series Command Injection Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability

Cisco Unified Operations Manager contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user input supplied to the Common Services Device Center component used b...

Cisco IOS Software H.323 Denial of Service Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...