5224 matches found
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol SCP and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service DoS condition. The attacker would require valid user credentials to...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...
Cisco Tetration Command Injection Vulnerability
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability
A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense FTD Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due t...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface does no...
Cisco SD-WAN Solution Software Privilege Escalation Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted...
Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...
Cisco Prime Network Registrar DHCP Denial of Service Vulnerability
A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
A vulnerability in the video endpoint API xAPI of Cisco TelePresence Collaboration Endpoint CE Software, Cisco TelePresence Codec TC Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is...
Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability
A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. The vulnerability is due to the logging of sensitive details of specific user actions. An attacker could exploit this...
Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
A vulnerability in the role-based access control RBAC functionality of Cisco Prime Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the...
Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permission...
Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability
A vulnerability in the Cisco Data in Motion DMo component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition for the DMo process on a targeted system. The vulnerability is due to insufficien...
Cisco WebEx Meetings Server Denial of Service Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper validation of user accounts by specific services. An unauthenticated, remote attacker could exploit...
Cisco Prime Collaboration Assurance Open Redirect Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Assurance Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker...
Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability ...
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco��Nexus 5500 Platform Switches, Cisco��Nexus 5600 Platform Switches, and Cisco��Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP...
Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco Finesse could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks. The vulnerabilities are due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remo...
Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco TelePresence MCU 4500 Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking the user of a web...
Cisco Digital Content Manager Message Processing Denial of Service Vulnerability
A vulnerability in Cisco Digital Content Manager DCM could allow an unauthenticated, remote attacker to crash the system mainboard. The vulnerability is due to the DCM receiving malformed ad messages from the ad server, which could trigger a system reboot. An attacker could exploit this...
Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities
Multiple cross-site request forgery CSRF vulnerabilities in the Cisco Prime Central for HCS PC4HCS application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerabilities are due to a lack of CSRF protections by an affected device. An attacker could exploit...
Multiple Cisco TelePresence Products Cross-Site Scripting Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper input validation of...
Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence multipoint control unit MCU could allow an unauthenticated, remote attacker to trigger a reload of an affected system. The vulnerability is due to insufficient sanitization of TCP packets. An attacker could exploit this vulnerability by sending a sequence...
Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability
A vulnerability in the administrative web interface of the Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to perform a cross-site...
Cisco TelePresence Management Interface Vulnerability
The Cisco TelePresence administrative web interface login page contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability
A vulnerability in the Multiple Analyzer of the Cisco Unified Communications Manager Dialed Number Analyzer DNA could allow an authenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An...
Cisco Intelligent Automation for Cloud MyServices Vulnerabilities
A vulnerability in the MyServices action of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing...
Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web user interface of the Cisco Video Surveillance 5000 Series HD IP Dome Cameras could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacke...
Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities
A vulnerability in the web framework of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading a user to...
Cisco WebEx Training Center Registration ID Exposure Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to gather the registration ID of other users. The vulnerability is due to inappropriate disclosure of sensitive information to unauthenticated users. An attacker could exploit this vulnerability by...
Cisco Services Portal File Download Vulnerability
A vulnerability in the ''Files Available for Download'' window of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to download arbitrary files from the system. The vulnerability is due to a failure to perform sufficient server-side validation of user-supplied...
Cisco ASA CX Safe Search Policy Bypass Vulnerability
A vulnerability in the Safe Search enforcement component of Cisco ASA CX Context-Aware Security could allow an unauthenticated, remote attacker to bypass security policy enforced by the affected component. The vulnerability is due to improper implementation of the logic that should perform the...
Cisco Adaptive Security Appliance Software Remote Access VPN Authentication Bypass Vulnerability
A vulnerability in the authentication code of the remote access VPN feature of Cisco ASA Software could allow an unauthenticated, remote attacker to bypass the remote VPN authentication, which could allow remote access to the inside network. The vulnerability is due to improper parsing of the LDA...
Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability
A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...
Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerability
A vulnerability in the diagnostic module of the Cisco Virtualization Experience Client 6000 Series could allow an authenticated, non-privileged, local attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to lack of input validation in the diagnostic...
Cisco Digital Media System DMM Open Redirect Vulnerability
Cisco Digital Media Manager DMM contains a vulnerability that could allow an unauthenticated, remote attacker to cause the DMM to issue a redirect to an arbitrary third-party URL. The vulnerability is due to an open redirect issue in the DMM login page. An attacker could exploit this vulnerabilit...
Cisco Unified Communications Manager Stack Trace Web Disclosure Vulnerability
An issue in the web portal of Cisco Unified Communications Manager Unified CM could allow an authenticated, remote attacker to view exception stack trace details. The issue is due to disclosure of exception stack trace details. An attacker could exploit this issue by generating a stack exception ...
Cisco Secure Access Control System Help Index Cross-Site Scripting Vulnerability
A vulnerability in the Access Control System Help index page of Cisco Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco Access Control System ACS Administration and View pages could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco TC Software SIP Implementation Vulnerability
A vulnerability in the Session Initiation Protocol SIP implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages. The vulnerability is due to errors in the SIP implementation. An attacker could exploit this...
Cisco Prime for HCS Assurance Information Disclosure Vulnerability
A vulnerability in web framework could allow an unauthenticated, remote attacker to access information about internal file system resources such as paths and names of files and directories. The vulnerability is due to insufficient security hardening of replies to crafted HTTP requests. An attacke...
Multiple Vulnerabilities in Cisco Content Security Management Appliance
Cisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability IronPort Spam Quarantine Denial of Service Vulnerability Management GUI Denial of Service Vulnerability These...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
The Cisco WebEx Recording Format WRF player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications tha...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format WRF player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications...
Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities
...
Cisco IOS Real-time Transport Protocol Packet Processing Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted device. The vulnerability is due to errors in processing malformed packets. An unauthenticated, remote attacker could exploit the vulnerability...
Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
...