5226 matches found
Multiple Cisco TelePresence Products Cross-Site Scripting Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper input validation of...
Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence multipoint control unit (MCU) could allow an unauthenticated, remote attacker to trigger a reload of an affected system. The vulnerability is due to insufficient sanitization of TCP packets. An attacker could exploit this vulnerability by sending a sequence...
Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability
A vulnerability in the administrative web interface of the Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to perform a cross-site...
Cisco TelePresence Management Interface Vulnerability
The Cisco TelePresence administrative web interface login page contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability
A vulnerability in the Multiple Analyzer of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An...
Cisco Intelligent Automation for Cloud MyServices Vulnerabilities
A vulnerability in the MyServices action of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing...
Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol subsystem of Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly check for certain NULL values present in a Cisco Discovery...
Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web user interface of the Cisco Video Surveillance 5000 Series HD IP Dome Cameras could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacke...
Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities
A vulnerability in the web framework of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading a user to...
Cisco WebEx Training Center Registration ID Exposure Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to gather the registration ID of other users. The vulnerability is due to inappropriate disclosure of sensitive information to unauthenticated users. An attacker could exploit this vulnerability by...
Cisco Services Portal File Download Vulnerability
A vulnerability in the "Files Available for Download" window of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to download arbitrary files from the system. The vulnerability is due to a failure to perform sufficient server-side validation of user-supplied...
Cisco ASA CX Safe Search Policy Bypass Vulnerability
A vulnerability in the Safe Search enforcement component of Cisco ASA CX Context-Aware Security could allow an unauthenticated, remote attacker to bypass security policy enforced by the affected component. The vulnerability is due to improper implementation of the logic that should perform the...
Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerability
A vulnerability in the diagnostic module of the Cisco Virtualization Experience Client 6000 Series could allow an authenticated, non-privileged, local attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to lack of input validation in the diagnostic...
Cisco Digital Media System DMM Open Redirect Vulnerability
Cisco Digital Media Manager (DMM) contains a vulnerability that could allow an unauthenticated, remote attacker to cause the DMM to issue a redirect to an arbitrary third-party URL. The vulnerability is due to an open redirect issue in the DMM login page. An attacker could exploit this vulnerabilit...
Cisco Unified Communications Manager Stack Trace Web Disclosure Vulnerability
An issue in the web portal of Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to view exception stack trace details. The issue is due to disclosure of exception stack trace details. An attacker could exploit this issue by generating a stack exception ...
Cisco Secure Access Control System Help Index Cross-Site Scripting Vulnerability
A vulnerability in the Access Control System Help index page of Cisco Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco Access Control System (ACS) Administration and View pages could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco TC Software SIP Implementation Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remote attacker to cause an endpoint to process unintended SIP NOTIFY messages. The vulnerability is due to errors in the SIP implementation. An attacker could exploit this...
Cisco Prime for HCS Assurance Information Disclosure Vulnerability
A vulnerability in web framework could allow an unauthenticated, remote attacker to access information about internal file system resources such as paths and names of files and directories. The vulnerability is due to insufficient security hardening of replies to crafted HTTP requests. An attacke...
Multiple Vulnerabilities in Cisco Content Security Management Appliance
Cisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. These...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications tha...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications...
Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities
...
Cisco IOS Real-time Transport Protocol Packet Processing Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to errors in processing malformed packets. An unauthenticated, remote attacker could exploit the vulnerability...
Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
...
CDS Internet Streamer: Web Server Directory Traversal Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Cisco WebEx WRF Player Vulnerabilities
Cisco IOS Software Zone-Based Policy Firewall Vulnerability
Cisco Network Admission Control Shared Secret Vulnerability
Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability
Cisco Firewall Services Module, PIX and ASA SIP Message Denial of Service Vulnerability
Cisco Firewall Services Module, PIX Security Appliance, and ASA Security Appliance contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists due to an error when handling SIP messages. An unauthenticated, remo...
Unintentional Password Modification Vulnerability in Cisco Firewall Products
Cisco CallManager Administration and User Options Web Interfaces Cross-Site Scripting Vulnerability
Cisco CallManager versions prior to 4.31, 4.23, 4.13SR4 and 3.35SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the user's browser session. The vulnerability exists due to improper input sanitization in the CallManager Administration...
Voice Product Vulnerabilities on IBM Servers
...
Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
...
Cisco Catalyst SSH Protocol Mismatch Vulnerability
...
Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attack. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has...
Cisco Wireless Access Point Software Device Analytics Action Frame Injection Vulnerability
A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incomin...
Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery Protocol (CDP) neighbor...
Cisco IOS XR Software Border Gateway Protocol Confederation Denial of Service Vulnerability
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with a...
Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. These...
Cisco Enterprise Chat and Email Denial of Service Vulnerability
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
Cisco Secure Firewall Management Center Software HTML Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due ...
Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN...
Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...
Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient...
Cisco Routed Passive Optical Network Controller Vulnerabilities
Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...