5218 matches found

Cisco • added 2023/09/27 1:50 p.m. • 5 views

Reports about Cyber Actors Hiding in Router Firmware

On September 27, 2023, the U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC)...

AI score: 7.3
Exploits: 0 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 6 views

Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization

Cisco IOS XR Software supports a programmatic way of configuring and collecting operational data on a network device using data models. Data models provide access to the capabilities of the devices in a network using NETCONF or gRPC. According to Cisco IOS XR Software configuration guides, if...

AI score: 7.3
Exploits: 0 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 30 views

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

CVSS: 6.7 | AI score: 6.8 | EPSS: 0.00016
Exploits: 0 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 45 views

Cisco IOS XR Software Image Verification Vulnerability

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO imag...

CVSS: 5.7 | AI score: 6.4 | EPSS: 0.00014
Exploits: 0 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 23 views

Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). ...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00144
Exploits: 0 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 23 views

Cisco IOS XR Software Compression ACL Bypass Vulnerability

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range...

CVSS: 5.8 | AI score: 5.4 | EPSS: 0.00051
Exploits: 1 | References: 1
Cisco • added 2023/09/13 4:0 p.m. • 31 views

Cisco IOS XR Software Access Control List Bypass Vulnerability

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit th...

CVSS: 5.8 | AI score: 7.7 | EPSS: 0.00024
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 42 views

Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to th...

CVSS: 10 | AI score: 9 | EPSS: 0.46604
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 30 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00468
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 52 views

Cisco Identity Services Engine RADIUS Denial of Service Vulnerability

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An...

CVSS: 8.6 | AI score: 8.2 | EPSS: 0.00471
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 79 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...

CVSS: 5 | AI score: 7.5 | EPSS: 0.01188
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 30 views

Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform privilege escalation attacks to read or modify arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid Administrator-level...

CVSS: 6 | AI score: 6 | EPSS: 0.00077
Exploits: 0 | References: 1
Cisco • added 2023/09/06 4:0 p.m. • 36 views

Cisco HyperFlex HX Data Platform Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

CVSS: 4.7 | AI score: 5.4 | EPSS: 0.00456
Exploits: 0 | References: 1
Cisco • added 2023/08/30 4:0 p.m. • 20 views

Cisco Unified Communications Products Privilege Escalation Vulnerability

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00072
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 25 views

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition...

CVSS: 7.7 | AI score: 6.7 | EPSS: 0.00661
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 43 views

Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00117
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 42 views

Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to...

CVSS: 7.4 | AI score: 7.4 | EPSS: 0.00097
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 50 views

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00458
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 28 views

Cisco FXOS Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command ...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00021
Exploits: 0 | References: 1
Cisco • added 2023/08/23 4:0 p.m. • 41 views

Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies created by users associated with a different securi...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00233
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 20 views

Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability

A vulnerability in the remote support feature of Cisco Umbrella Virtual Appliance could allow an authenticated, remote attacker to obtain full control of an affected device. This vulnerability is due to an undocumented support mechanism that is present on the product. An attacker could exploit th...

CVSS: 6.4 | AI score: 6.4 | EPSS: 0.00113
Exploits: 1 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 34 views

Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.0014
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 45 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.34269
Exploits: 1 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 19 views

Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...

CVSS: 6.5 | AI score: 8.3 | EPSS: 0.00107
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 21 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00091
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 20 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker cou...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00055
Exploits: 2 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 18 views

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00099
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 21 views

Cisco Identity Services Engine Device Credential Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00188
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 30 views

ClamAV AutoIt Module Denial of Service Vulnerability

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability ...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01054
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 24 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00051
Exploits: 2 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 37 views

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00491
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 20 views

Cisco Intersight Virtual Appliance Unauthenticated Port Forwarding Vulnerability

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible HTTP proxies. An attacker could exploit this...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00056
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 20 views

Cisco Duo Device Health Application for Windows Arbitrary File Write Vulnerability

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00093
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 25 views

Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00154
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 47 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00063
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 26 views

ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.005
Exploits: 0 | References: 1
Cisco • added 2023/08/16 4:0 p.m. • 31 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

CVSS: 8.1 | AI score: 8.9 | EPSS: 0.00227
Exploits: 0 | References: 1
Cisco • added 2023/08/08 3:0 p.m. • 115 views

Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client

On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00047
Exploits: 2 | References: 1
Cisco • added 2023/08/02 4:0 p.m. • 36 views

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.00097
Exploits: 0 | References: 1
Cisco • added 2023/08/02 4:0 p.m. • 29 views

Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00151
Exploits: 0 | References: 1
Cisco • added 2023/07/27 4:0 p.m. • 31 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ACLs Not Installed upon Reload

An issue with the boot-time programming of access control lists (ACLs) for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a device to boot without all of its ACLs being correctly installed. This issue is due to a logic error that occurs when ACL...

AI score: 7
Exploits: 0 | References: 1
Cisco • added 2023/07/19 4:0 p.m. • 30 views

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

CVSS: 4.4 | AI score: 7.8 | EPSS: 0.00014
Exploits: 0 | References: 1
Cisco • added 2023/07/19 4:0 p.m. • 33 views

Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) or HTML injection attacks. For more information about these vulnerabilities, see the Details...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00192
Exploits: 0 | References: 1
Cisco • added 2023/07/12 4:0 p.m. • 40 views

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...

CVSS: 9.1 | AI score: 9.4 | EPSS: 0.00222
Exploits: 0 | References: 1
Cisco • added 2023/07/05 4:0 p.m. • 34 views

Cisco Webex Meetings Web UI Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco Webex Meetings could allow a remote attacker to conduct stored cross-site scripting (XSS) or cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00334
Exploits: 0 | References: 1
Cisco • added 2023/07/05 4:0 p.m. • 20 views

Cisco Duo Authentication Proxy Information Disclosure Vulnerability

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...

CVSS: 4.9 | AI score: 6.4 | EPSS: 0.00074
Exploits: 0 | References: 1
Cisco • added 2023/07/05 4:0 p.m. • 21 views

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted...

CVSS: 6 | AI score: 6.2 | EPSS: 0.00025
Exploits: 0 | References: 1
Cisco • added 2023/07/05 4:0 p.m. • 21 views

Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...

CVSS: 7.4 | AI score: 7.4 | EPSS: 0.00206
Exploits: 0 | References: 1
Cisco • added 2023/06/21 4:0 p.m. • 30 views

Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...

CVSS: 6.2 | AI score: 6.4 | EPSS: 0.00015
Exploits: 0 | References: 1
Cisco • added 2023/06/21 4:0 p.m. • 37 views

Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00151
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5218