Cisco MediaSense Search and Play Authorization Vulnerability

A vulnerability in the Search and Play interface of Cisco MediaSense could allow an authenticated, remote attacker to access recordings in the Search and Play interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the...

Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability

A vulnerability in the registration pages of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to obtain the password and access code for a paid training without paying or registering for the training. The vulnerability is due to disclosure of the training session...

Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability

A vulnerability in the training registration page in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to enumerate email addresses of registered attendees. The vulnerability is due to registration error messages that allow a user to determine that an email address...

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the command-line interface CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to create or overwrite files. The vulnerability is due to improper input filtering. An attacker could exploit this vulnerability by using a shell output redirection. A...

Cisco IPS Authentication Manager Denial of Service Vulnerability

A vulnerability in the web framework of Cisco IPS Software could allow an unauthenticated, remote attacker to cause MainApp to hang intermittently due to the authentication manager process creating a denial of service DoS condition. The vulnerability is due to improper handling of user tokens. An...

Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability

A vulnerability in the administration.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the affected software implements an insecure HTTP connection between a Cisco SocialMiner client and server when...

Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability

A vulnerability in the Web Administrator Interface of Cisco Wireless LAN Controllers WLC could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly validate certain parameters prior to processing them on the device. ...

Cisco ASA Protocol Inspection Connection Table Denial of Service Vulnerability

Cisco Adaptive Security Appliance ASA Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA preventing new connections to be established through the device. The vulnerability is due to the ASA not honoring the idle timeout f...

Cisco UCS 6100 Fabric Interconnect Memory Leak Denial of Service Vulnerability

A vulnerability in the memory management when executing either the show monitor session all or show monitor session command-line interface CLI commands on the Cisco Unified Computing System UCS 6100 Series Fabric Interconnects could allow an authenticated, local attacker to trigger a memory leak...

Cisco Finesse User Data in Query Vulnerability

A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data. The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query...

Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, remote attacker to execute arbitrary code on the affected system and on the devices...

Cisco Unified Communications Manager Blind SQL Injection Vulnerability

A vulnerability in Cisco Unified Communication Manager Unified CM could allow an authenticated, remote attacker to execute a blind Structured Query Language SQL injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker could exploit...

Cisco Identity Services Engine Software Administration Panel Cross-Site Scripting Vulnerability

A vulnerability in the search form of the Cisco ISE administration/monitoring panel could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by convincing...

Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...

Cisco Content Filtering Devices Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...

Cisco ASA-CX TCP Traffic Denial of Service Vulnerability

A vulnerability processing TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to invalid parsing of TCP packet data forwarded to Cisco ASA CX by the Cisco ASA. An attacker could exploit this vulnerability ...

Cisco IOS XR Software SNMP Denial of Service Vulnerability

A vulnerability in the SNMP process on Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the affected process and a limited memory leak that affects the process. The vulnerability is due to not freeing allocated memory. An attacker could exploit this...

Cisco WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability

A vulnerability in the user management page of WebEx Social could allow an authenticated, remote attacker to inject arbitrary values into the Screen Name, Email Address, First Name, Middle Name, Last Name, and Job Title fields. The vulnerability is due to insufficient server-side validation of...

Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability

Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...

Cisco Small Business Wireless Access Points SSID Validation Vulnerability

Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker cause a denial of service DoS condition. The vulnerability is due to improper validation of the Service Set Identifier SSID when the affected product is performing a "site...

Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability

Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker cou...

Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability

Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...

Cisco AnyConnect Secure Mobility Client WebLaunch Session Hijack Vulnerability

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to hijack WebLaunch sessions, which could allow the attacker to intercept sensitive information. The vulnerability is due to the failure to perform certificate name checking in an...

Cisco Unified MeetingPlace SQL Injection Vulnerability

Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system. The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attack...

Cisco Show and Share Security Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Content Delivery System Internet Streamer: Web Server Vulnerability

...

Cisco Secure Access Control System Unauthorized Password Change Vulnerability

...

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Vulnerabilities in Cisco Digital Media Manager

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco ONS Platform Crafted Packet Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS on Catalyst 6500 and Cisco 7600 Access Control List Bypass Vulnerability

Cisco IOS running on Catalyst 6500 and Cisco 7600 contains a vulnerability that could allow an unauthenticated, remote attacker to bypass configured ACLs. The vulnerability exists because the affected devices accept traffic to IP addresses that are reserved for use by the Ethernet Out-of-Band...

Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Unified MeetingPlace Template Cross-Site Scripting Vulnerability

Cisco Unified MeetingPlace versions prior to 5.3.235.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists due to insufficient filtering of parameters by Cisco Unified MeetingPlace. An unauthenticated,...

Cisco PIX and ASA TCP Traffic Inspection Denial of Service Vulnerability

Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances ASA contain a vulnerability that could allow an unauthenticated, remote attacker to crash an affected device, causing a denial of service DoS condition. This vulnerability exists due to insufficient...

Multiple Vulnerabilities in Cisco Clean Access

...

Cisco Intrusion Prevention System Malformed Packet Denial of Service

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

IOS Stack Group Bidding Protocol Crafted Packet DoS

The Cisco IOS Stack Group Bidding Protocol SGBP feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. Cisco has made free...

Cisco VPN 5000 Client Multiple Vulnerabilities

...

Hardening of Solaris OS for MGC

...

Multiple Vulnerabilities in CBOS

...

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected system. For more...

Cisco ThousandEyes Endpoint Agent for MacOS and RoomOS Certificate Validation Vulnerability

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul URWB Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating...

Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service DoS condition. The attacker would require valid user credentials to...

Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...