5226 matches found
Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability
A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service (DoS) condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...
Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability
A vulnerability in the administration.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the affected software implements an insecure HTTP connection between a Cisco SocialMiner client and server when...
Cisco Identity Services Engine Software Administration Panel Cross-Site Scripting Vulnerability
A vulnerability in the search form of the Cisco ISE administration/monitoring panel could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by convincing...
Cisco IOS XR Software SNMP Denial of Service Vulnerability
A vulnerability in the SNMP process on Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the affected process and a limited memory leak that affects the process. The vulnerability is due to not freeing allocated memory. An attacker could exploit this...
Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability
A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files. The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit...
Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities
Cisco Connected Grid Network Management System (CG-NMS) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco Connected Grid Network Management System is susceptible to cross-site scripting (XSS) vulnerabilities in the...
Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper implementation of the Network Address Translation (NAT) process by the affected software...
Cisco Small Business Wireless Access Points SSID Validation Vulnerability
Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of the Service Set Identifier (SSID) when the affected product is performing a "site...
Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability
Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker cou...
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...
Cisco Show and Share Security Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Default Credentials Vulnerability in Cisco Network Registrar
...
Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
...
CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability
CiscoWorks Common Services contains a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of malformed user input supplied via URL parameters to the affected application. A...
Cisco Physical Access Gateway Denial of Service Vulnerability
Cisco ONS Platform Crafted Packet Vulnerability
Cisco IOS on Catalyst 6500 and Cisco 7600 Access Control List Bypass Vulnerability
Cisco IOS running on Catalyst 6500 and Cisco 7600 contains a vulnerability that could allow an unauthenticated, remote attacker to bypass configured ACLs. The vulnerability exists because the affected devices accept traffic to IP addresses that are reserved for use by the Ethernet Out-of-Band...
Cisco Unified MeetingPlace Template Cross-Site Scripting Vulnerability
Cisco Unified MeetingPlace versions prior to 5.3.235.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists due to insufficient filtering of parameters by Cisco Unified MeetingPlace. An unauthenticated,...
Cisco Intrusion Prevention System Malformed Packet Denial of Service
AVS TCP Relay Vulnerability
Default SNMP Community Strings in Cisco IP/VC Products
...
Cisco VPN 5000 Client Multiple Vulnerabilities
...
Hardening of Solaris OS for MGC
...
Cisco Secure PIX Firewall FTP Vulnerabilities
...
Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco...
Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS...
Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability
A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected...
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected system. For more...
Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating...
Cisco ThousandEyes Endpoint Agent for MacOS and RoomOS Certificate Validation Vulnerability
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
Cisco NX-OS Software Image Verification Bypass Vulnerability
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...
Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
Cisco Tetration Command Injection Vulnerability
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains...
Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability
A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due t...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does no...
Cisco SD-WAN Solution Software Privilege Escalation Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...
Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of...
Cisco Prime Network Registrar DHCP Denial of Service Vulnerability
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is...
Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the...
Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure Vulnerability
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data on an affected system. The vulnerability is due to insufficient protection of sensitive data. An attacker could...
Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permission...
Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability
A vulnerability in the Cisco Data in Motion (DMo) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition for the DMo process on a targeted system. The vulnerability is due to insufficien...
Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability ...
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP...