Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...

Cisco ASA-CX TCP Traffic Denial of Service Vulnerability

A vulnerability processing TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to invalid parsing of TCP packet data forwarded to Cisco ASA CX by the Cisco ASA. An attacker could exploit this vulnerability ...

Cisco IOS XR Software SNMP Denial of Service Vulnerability

A vulnerability in the SNMP process on Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the affected process and a limited memory leak that affects the process. The vulnerability is due to not freeing allocated memory. An attacker could exploit this...

Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability

A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files. The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit...

Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability

Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...

Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability

Cisco Adaptive Security Appliance ASA Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper implementation of the Network Address Translation NAT process by the affected software...

Cisco Small Business Wireless Access Points SSID Validation Vulnerability

Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker cause a denial of service DoS condition. The vulnerability is due to improper validation of the Service Set Identifier SSID when the affected product is performing a "site...

Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability

Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker cou...

Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability

Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...

Cisco Show and Share Security Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Default Credentials Vulnerability in Cisco Network Registrar

...

Cisco Content Delivery System Internet Streamer: Web Server Vulnerability

...

Cisco Secure Access Control System Unauthorized Password Change Vulnerability

...

Multiple Vulnerabilities in Cisco Digital Media Manager

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco ONS Platform Crafted Packet Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS on Catalyst 6500 and Cisco 7600 Access Control List Bypass Vulnerability

Cisco IOS running on Catalyst 6500 and Cisco 7600 contains a vulnerability that could allow an unauthenticated, remote attacker to bypass configured ACLs. The vulnerability exists because the affected devices accept traffic to IP addresses that are reserved for use by the Ethernet Out-of-Band...

Cisco Unified MeetingPlace Template Cross-Site Scripting Vulnerability

Cisco Unified MeetingPlace versions prior to 5.3.235.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists due to insufficient filtering of parameters by Cisco Unified MeetingPlace. An unauthenticated,...

Multiple Vulnerabilities in Cisco Clean Access

...

Cisco Intrusion Prevention System Malformed Packet Denial of Service

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco VPN 5000 Client Multiple Vulnerabilities

...

Hardening of Solaris OS for MGC

...

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privileges to root. For more...

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected system. For more...

Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This...

Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating...

Cisco ThousandEyes Endpoint Agent for MacOS and RoomOS Certificate Validation Vulnerability

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...

Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service DoS condition. The attacker would require valid user credentials to...

Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

Cisco Firepower Management Center Software Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface...

Cisco Identity Services Engine Administrator Password Lifetime Expiration Issue

An issue in the Password Policy settings of Cisco Identity Services Engine ISE could allow an administrator to use expired credentials to gain access to the web management interface. When the Password Lifetime setting for the administrator password policy is used to set the password to expire, th...

Cisco Tetration Command Injection Vulnerability

A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...

Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability

A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense FTD Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due t...

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface does no...

Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands...

Cisco SD-WAN Solution Software Privilege Escalation Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...

Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

A vulnerability in the video endpoint API xAPI of Cisco TelePresence Collaboration Endpoint CE Software, Cisco TelePresence Codec TC Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is...

Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability

A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. The vulnerability is due to the logging of sensitive details of specific user actions. An attacker could exploit this...

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

A vulnerability in the role-based access control RBAC functionality of Cisco Prime Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the...

Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permission...

Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Management Security Appliance SMA could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...

Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability

A vulnerability in the Cisco Data in Motion DMo component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition for the DMo process on a targeted system. The vulnerability is due to insufficien...