Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability
A vulnerability in the RADIUS setting "Reject RADIUS requests from clients with repeated failures" on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS...
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. For more information about these vulnerabilities, see the Details...
Cisco Webex Services Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. These vulnerabilities are due to improper filtering of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user to follow a...
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...
Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this...
Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could...
Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of servi...
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities
Multiple vulnerabilities in Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an attacker to execute arbitrary commands locally or remotely. For more information about these vulnerabilities, see the Details...
Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL deny rules are not properly...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability
A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker...
Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities
Multiple vulnerabilities in Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an attacker to conduct cross-site scripting (XSS) attacks or access unauthorized information on an affected device. For more information about these...
Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...
Cisco IOS Software on Cisco Industrial Ethernet Series Switches Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs o...
Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the...
Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker...
Cisco StarOS Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this...
Cisco IoT Field Network Director Denial of Service Vulnerability
A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming Co...
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an...
Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request...
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerabilit...
Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability
A vulnerability in the diagnostics portion of the administrative web interface of Cisco Virtualization Experience (VXC) Client 6215 devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is du...
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
A vulnerability in the anti-spam scanner of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA. The vulnerability is due to improper handling of a malformed packet in the anti-spam scanner. An attacker could...
Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking (AN) messages. A...
Cisco Prime Security Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several...
Cisco IOS XR Software Information Disclosure Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...
Cisco Security Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of...
Cisco WebEx Sales Center Mobile Browser Open Redirect Vulnerability
A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to redirect mobile browsers to an attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...
Cisco WebEx Business Suite Site Access Control Bypass Vulnerability
A vulnerability in the site access control implementation of Cisco WebEx Business Suite could allow an authenticated, remote attacker to inject content from the attacker-controlled WebEx site into another WebEx site. The vulnerability is due to insufficient validation of user-supplied input. An...
Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by convincing a user ...
Cisco Prime Network Control System Cross-Site Scripting Vulnerability
A vulnerability in the health monitor login page of Cisco Prime Network Control System (NCS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco MARS Information Disclosure Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System (MARS) could allow an unauthenticated, remote attacker to have "read" access to part of the information stored in the affected system. The vulnerability is due to improper handling of X...
Cisco Identity Services Engine Database Default Credentials Vulnerability
...
Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence...
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
...
Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
...
Cisco Router and Security Device Manager Cross-Site Scripting Vulnerability
Cisco Router and Security Device Manager versions 2.5 and prior contain a vulnerability that could allow attackers to conduct cross-site scripting attacks. The vulnerability exists due to improper validation of parameters processed by the application. An unauthenticated, remote attacker could...
Local Privilege Escalation Vulnerabilities in Cisco VPN Client
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco CallManager Web Interface Input Validation Bypass Vulnerability
Cisco CallManager versions 4.31 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and conduct cross-site scripting attacks. This vulnerability exists due to insufficient sanitization of user-supplied input to the CallManager web...
Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability
...
Default Password in Wireless Location Appliance
Cisco Intrusion Prevention System Scanning Bypass Vulnerability
Cisco Intrusion Prevention System versions prior to 5.12 contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security scanning. This vulnerability is due to a failure to properly handle fragmented packets. An unauthenticated, remote attacker can exploit this...
Windows VPN Client Local Privilege Escalation Vulnerability
Cisco IOS XR MPLS Vulnerabilities
...
Crafted ICMP Messages Can Cause Denial of Service
...
Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability
...
Denial-of-Service of TCP-based Services in CatOS
...
CBOS - Improving Resilience to Denial-of-Service Attacks
...
Aironet Telnet Vulnerability
...
ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
...