5226 matches found
Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability
...
Default Password in Wireless Location Appliance
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Intrusion Prevention System Scanning Bypass Vulnerability
Cisco Intrusion Prevention System versions prior to 5.12 contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security scanning. This vulnerability is due to a failure to properly handle fragmented packets. An unauthenticated, remote attacker can exploit this...
Windows VPN Client Local Privilege Escalation Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco IOS XR MPLS Vulnerabilities
...
Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability
...
MS SQL Worm Mitigation Recommendations
...
CBOS - Improving Resilience to Denial-of-Service Attacks
...
Aironet Telnet Vulnerability
...
ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
...
VPN3000 Concentrator TELNET Vulnerability
...
Cisco 7xx TCP and HTTP Vulnerabilities
...
Cisco IOS Syslog Crash
...
Cisco Web Cache Control Protocol Router Vulnerability
...
Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller IMC could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. For more information about these vulnerabilities, see the Details "details"...
Cisco Catalyst Center REST API Command Injection Vulnerability
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...
Cisco IOS XE Software HTTP API Command Injection Vulnerability
A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...
Cisco Application Policy Infrastructure Controller Vulnerabilities
Multiple vulnerabilities in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated attacker to access sensitive information, execute arbitrary commands, cause a denial of service DoS condition, or perform cross-site scripting XSS attacks. To exploit these...
Cisco Identity Services Engine Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to either bypass the authorization mechanisms or conduct a cross-site scripting XSS attack. For more information about these vulnerabilities, see the Details "details" section of this...
Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability
A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense FTD Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service DoS...
Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability
A vulnerability in the SSH server of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. A...
Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists becau...
Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability
A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an issue that occurs when TLS...
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform, could allow a remote attacker to delete or change the configuration, execute commands as the root user, conduct a cross-site scripting XSS attack against a user of the interface...
Cisco Nexus Dashboard Orchestrator SSL/TLS Certificate Validation Vulnerability
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator NDO could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature...
Cisco Expressway Series Privilege Escalation Vulnerability
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...
Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco Meraki Systems Manager SM Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this...
Cisco NX-OS Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An...
Cisco Expressway Series Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...
Cisco IOS XR Software Secure Boot Bypass Vulnerability
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the implementation of the Intermediate System-to-Intermediate System IS-IS routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service DoS condition in the IS-IS process. The vulnerability is due to improper...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface. The vulnerability is due to insufficient input validation of some parameters that ar...
Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability
A vulnerability in Cisco Unified Call Manager Cisco Unified CM could allow an authenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper security restrictions by the affected application while handling requests for resources. An authenticated, remote attacker...
Cisco Unified Communications Domain Manager High CPU Utilization Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization. The vulnerability is due to improper handling of crafted TCP packets. An attacker could exploit this vulnerability by sending crafted TCP...
Cisco Small Cell Command Execution Vulnerability
A vulnerability in the DHCP client implementation of Cisco Small Cell products could allow an unauthenticated, adjacent attacker to execute commands and possibly take full control of the affected device. The vulnerability is due to improper parsing of crafted DHCP messages. An attacker could...
Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues
Issues in the cryptographic implementation of Cisco Intelligent Automation for Cloud Cisco IAC may allow an unauthenticated, remote attacker to recover cryptographic material used in all Cisco IAC installations. The issues are due to the inclusion of fixed cryptographic material in the product...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...
Cisco Content Services Gateway Denial of Service Vulnerability
...
Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability
...
IPv6 Routing Header Vulnerability
...
Cisco Call Manager Privilege Escalation
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access
...
Cisco Unity Integrated with Exchange Has Default Passwords
...
Crafted Timed Attack Evades Cisco Security Agent Protections
...
A Default Username and Password in WLSE and HSE Devices
...
Vulnerability in Authentication Library for ACNS
...
SNMP Trap Reveals WEP Key in Cisco Aironet Access Point
...
Cisco IOS Software Processing of SAA Packets
...
Content Service Switch Web Management HTTP Processing Vulnerabilities
...