Cisco UCS Central Software File Access Vulnerability
A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks. The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit...
Cisco TelePresence IP Gateway Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence IP Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...
Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. The vulnerability exists due to insufficient input sanitization of...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine (PRE) crash on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition that may cause a...
Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) code of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to crash an affected device. The vulnerability is due to an error in parsing a malformed LLDP packet. An attacker could exploit this vulnerability by sending a...
Cisco Prime Collaboration Manager SQL Injection Vulnerability
A vulnerability in the Cisco Prime Collaboration Manager interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An...
Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability
A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to obtain sensitive information. The Cisco Unified MeetingPlace application does not always properly validate the session ID in the HTTP URL. This could allow an attacker to obtain...
Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability
A vulnerability in the UDP applications TFTP and DHCP of Cisco Headend System Release could allow an unauthenticated, remote attacker to take the TFTP and DHCP listening ports offline for a period of time. The vulnerability is due to a particular UDP traffic pattern in addition to the amount of U...
Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability
A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...
Cisco Headend Digital Broadband Delivery System Cross-Site Scripting Vulnerability
A vulnerability in the web-based administration interface of the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected device. The vulnerability is due to improper input validation of certain...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability
A vulnerability in HTTP packet processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the session manager service on the affected device. The vulnerability is due to improper processing of malformed HTTP packets. An...
Cisco IOS Software Kernel Timer Vulnerability
A vulnerability in the kernel timers in Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to improper management of kernel timers. An attacker could exploit this vulnerability by sending crafted traffic, causing...
Cisco Unified IP Phone 9900 Series Insecure Device Permissions Vulnerability
A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a complete denial of service (DoS) on an affected device. The vulnerability is due to insecure file permissions on some devices. An attacker could exploit this vulnerability by writing to...
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access. The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sendin...
Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability
A vulnerability in the ZIP inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the engine protection and deliver malicious ZIP files. The vulnerability is due to improper implementation of the logic for analyzing the...
Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability
A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition. The vulnerability is due to improper...
Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability
A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...
Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability
A vulnerability in the Dialed Number Analyzer (DNA) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a parameter in t...
Cisco IOS XR Software Punt Policer Denial of Service Vulnerability
A vulnerability in the implementation of the punt policer on Trident line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to overload the CPU on the Trident line card or route processor (RP) and eventually cause a denial of service (DoS)...
Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability
A vulnerability in Cisco Tidal Enterprise Scheduler Agent could allow an authenticated, local attacker to execute arbitrary commands on the affected system with the privileges of the root user. The vulnerability is due to insufficient validation of the Tidal Job Buffers (TJB) parameters when the...
Cisco IOS Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in Link Layer Discovery Protocol (LLDP) in Cisco switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to incorrect handling of malformed LLDP packets. An attacker could exploit this vulnerability by sending a...
Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability
A vulnerability in Locator/ID Separation Protocol (LISP) control message processing in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a vulnerable device to disable Cisco Express Forwarding and eventually drop traffic passing through. The...
Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability
A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...
Cisco Emergency Responder Cross-Site Request Forgery Vulnerability
A vulnerability in the CERUserServlet pages of the Cisco Emergency Responder (Cisco ER) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco ER web interface. The vulnerability is due to insufficient CSRF protections on the Cisco ER w...
Cisco IOS Software High Priority Queue Denial of Service Vulnerability
A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...
Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability
A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could...
Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager (UCM) Unified CallManager Interactive Voice Response (CMIVR) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...
Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager (UCM) IP Manager Assistant (IPMA) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability
A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager (VSOM) could allow an unauthenticated, remote attacker to access the MySQL database. The vulnerability is due to insufficient authentication controls. An attacker could exploit thi...
Cisco Secure ACS RMI Arbitrary File Read Vulnerability
A vulnerability in the Remote Method Invocation (RMI) interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...
Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the disaster recovery system (DRS) of Cisco Unified Communications Manager (UCM) could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An attacker could...
Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...
Cisco WebEx Sales Center Open Redirect Vulnerability
A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...
Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability
A vulnerability in the Cisco Express Forwarding processing module that checks the sanity of IP headers on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. The vulnerability is due to improper...
Cisco Enterprise License Manager Path Traversal Vulnerability
A vulnerability in the license upload interface of the Cisco Enterprise License Manager (ELM) could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco Adaptive Security Appliance Auto-Update Denial of Service Vulnerability
A vulnerability in the auto-update feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause a reload of the ASA. The vulnerability is due to insufficient input validation of auto-update data. An attacker could exploit this vulnerability by...
Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank...
Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability
A vulnerability in the web application interface of Cisco 9900 series IP phones could allow an unauthenticated, remote attacker to cause the webapp interface to become unavailable. The vulnerability is due to insufficient input validation of certain fields. An attacker could exploit this...
Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability
A vulnerability in the administrative web interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input passed to a...
Cisco Unified IP Phone 8900/9900 Series Crafted SDP Packet Vulnerability
A vulnerability in the SDP negotiation logic of the Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and the Cisco Unified IP Phone 8961 could allow an unauthenticated, remote attacker to cause the phone to reboot. The vulnerability is due to improper processing of crafted SDP...
Cisco Unified Communications Domain Manager Blind SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied inp...
Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability
A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds. The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this...
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary...
Cisco Finesse User Data in Query Vulnerability
A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data. The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query...
Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability
A vulnerability in the web pages of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints...
Cisco Unified Operations Manager HTTP Header Injection Vulnerability
A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...