5218 matches found

Cisco • added 2024/03/27 4:00 p.m. • 42 views

Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input...

CVSS 7.4 • AI score 7.3 • EPSS 0.00052
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 42 views

Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware i...

CVSS 5.6 • AI score 5.5 • EPSS 0.00036
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 40 views

Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This...

CVSS 8.6 • AI score 8.5 • EPSS 0.00817
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 47 views

Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and sho...

CVSS 5.5 • AI score 5.5 • EPSS 0.00073
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 36 views

Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping...

CVSS 4.7 • AI score 5 • EPSS 0.0004
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 31 views

Cisco Access Point Software Denial of Service Vulnerability

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could...

CVSS 8.6 • AI score 8.5 • EPSS 0.00318
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 30 views

Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass Vulnerability

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions wh...

CVSS 5.8 • AI score 5.8 • EPSS 0.00263
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 30 views

Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that...

CVSS 7.4 • AI score 7.4 • EPSS 0.00046
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 41 views

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...

CVSS 8.6 • AI score 8.5 • EPSS 0.00385
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 38 views

Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit...

CVSS 8.6 • AI score 8.5 • EPSS 0.00817
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 30 views

Cisco Catalyst Center Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...

CVSS 4.3 • AI score 4.6 • EPSS 0.00165
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 22 views

Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...

CVSS 6 • AI score 6.4 • EPSS 0.00024
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 33 views

Cisco Access Point Software Secure Boot Bypass Vulnerability

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands...

CVSS 5.9 • AI score 5.7 • EPSS 0.00016
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 48 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending craft...

CVSS 6.5 • AI score 6.5 • EPSS 0.00128
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 33 views

Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...

CVSS 7.4 • AI score 7.4 • EPSS 0.00059
Exploits 0 • References 1

Cisco • added 2024/03/27 4:00 p.m. • 43 views

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this...

CVSS 7.4 • AI score 7.4 • EPSS 0.00104
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 32 views

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 7.4 • AI score 7.3 • EPSS 0.00069
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 19 views

Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...

CVSS 6.5 • AI score 6.5 • EPSS 0.00022
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 34 views

Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities

Multiple vulnerabilities in the IP access control list (ACL) processing in the ingress direction on MPLS and Pseudowire (PW) interfaces of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. For more information about these vulnerabilities, see the Detail...

CVSS 5.8 • AI score 5.8 • EPSS 0.0005
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 23 views

Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly...

CVSS 5.3 • AI score 5.5 • EPSS 0.00179
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 25 views

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect...

CVSS 4.3 • AI score 4.8 • EPSS 0.00014
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 23 views

Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet...

CVSS 7.4 • AI score 7.3 • EPSS 0.00052
Exploits 0 • References 1

Cisco • added 2024/03/13 4:00 p.m. • 22 views

Cisco IOS XR Software SSH Privilege Escalation Vulnerability

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVSS 7.8 • AI score 7.5 • EPSS 0.00054
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 34 views

Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of t...

CVSS 6.2 • AI score 6.3 • EPSS 0.00011
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 29 views

Cisco AppDynamics Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...

CVSS 5.4 • AI score 5.3 • EPSS 0.00104
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 27 views

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless Access Points (APs) could allow an authenticated, remote attacker to perform command injection and buffer overflow attacks against an affected device. In order to exploit these...

CVSS 6.5 • AI score 7.1 • EPSS 0.00135
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 21 views

Cisco AppDynamics Controller Path Traversal Vulnerability

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS 6.5 • AI score 6.7 • EPSS 0.00312
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 26 views

Cisco Secure Client Carriage Return Line Feed Injection Vulnerability

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 8.2 • AI score 8.6 • EPSS 0.03569
Exploits 0 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 29 views

Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability

A vulnerability in the ISE Posture System Scan module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerabilit...

CVSS 7.3 • AI score 7.5 • EPSS 0.00087
Exploits 1 • References 1

Cisco • added 2024/03/06 4:00 p.m. • 21 views

Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain...

CVSS 4.4 • AI score 4.7 • EPSS 0.00018
Exploits 0 • References 1

Cisco • added 2024/02/28 4:00 p.m. • 24 views

Cisco UCS 6400 and 6500 Series Fabric Interconnects Intersight Managed Mode Denial of Service Vulnerability

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerabilit...

CVSS 5.3 • AI score 5.4 • EPSS 0.00307
Exploits 0 • References 1

Cisco • added 2024/02/28 4:00 p.m. • 24 views

Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability

A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...

CVSS 5.8 • AI score 5.7 • EPSS 0.14039
Exploits 0 • References 1

Cisco • added 2024/02/28 4:00 p.m. • 42 views

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields i...

CVSS 6.6 • AI score 6.5 • EPSS 0.00056
Exploits 0 • References 1

Cisco • added 2024/02/28 4:00 p.m. • 29 views

Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...

CVSS 8.6 • AI score 8.4 • EPSS 0.00458
Exploits 0 • References 1

Cisco • added 2024/02/28 4:00 p.m. • 30 views

Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of prop...

CVSS 8.6 • AI score 8.5 • EPSS 0.00527
Exploits 0 • References 1

Cisco • added 2024/02/21 4:00 p.m. • 25 views

Cisco Unified Intelligence Center Insufficient Access Control Vulnerability

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations o...

CVSS 5.1 • AI score 6.8 • EPSS 0.00072
Exploits 0 • References 1

Cisco • added 2024/02/07 4:00 p.m. • 65 views

ClamAV OLE2 File Format Parsing Denial of Service Vulnerability

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...

CVSS 7.5 • AI score 7.5 • EPSS 0.08586
Exploits 0 • References 1

Cisco • added 2024/02/07 4:00 p.m. • 38 views

Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities

Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device. Note: Cisco Expressway Series refers to Cisco Expressway...

CVSS 9.6 • AI score 8.3 • EPSS 0.03377
Exploits 0 • References 1

Cisco • added 2024/01/24 4:00 p.m. • 49 views

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...

CVSS 9.9 • AI score 9.7 • EPSS 0.03027
Exploits 0 • References 1

Cisco • added 2024/01/24 4:00 p.m. • 39 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

CVSS 4.8 • AI score 5 • EPSS 0.00078
Exploits 0 • References 1

Cisco • added 2024/01/24 4:00 p.m. • 28 views

Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability

A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...

CVSS 5.8 • AI score 6.3 • EPSS 0.00014
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 29 views

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient input...

CVSS 5.4 • AI score 5.4 • EPSS 0.00104
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 20 views

Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This...

CVSS 4.8 • AI score 5.3 • EPSS 0.00072
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 28 views

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities

Multiple vulnerabilities in Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an attacker to conduct cross-site scripting (XSS) attacks, execute arbitrary commands, perform SQL injection attacks, or gain elevated privileges on an affected system. Cisco has...

CVSS 6.5 • AI score 6.7 • EPSS 0.00087
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 28 views

Cisco WAP371 Wireless Access Point Command Injection Vulnerability

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validatio...

CVSS 6.5 • AI score 7.6 • EPSS 0.00093
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 36 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based...

CVSS 4.8 • AI score 5 • EPSS 0.00072
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 34 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

CVSS 6.8 • AI score 7.8 • EPSS 0.00175
Exploits 0 • References 1

Cisco • added 2024/01/10 4:00 p.m. • 33 views

Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...

CVSS 7.3 • AI score 10 • EPSS 0.00275
Exploits 0 • References 1

Cisco • added 2023/12/12 4:00 p.m. • 44 views

Apache Struts Vulnerability Affecting Cisco Products: December 2023

On December 7, 2023, the following vulnerability in Apache Struts was disclosed: CVE-2023-50164: An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. For...

CVSS 9.8 • AI score 9.6 • EPSS 0.93657
Exploits 15 • References 1

Cisco • added 2023/12/05 4:00 p.m. • 53 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper...

CVSS 4.1 • AI score 4.6 • EPSS 0.00078
Exploits 0 • References 1

Total number of security vulnerabilities: 5218