5224 matches found
Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
A vulnerability in Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...
Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol ENIP traffic for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing duri...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability
A vulnerability in the identity-based firewall IDFW rule processing feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper...
Cisco Firepower Threat Defense Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco has...
Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper memory resource manageme...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because incomin...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 IKEv2 implementation of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to trigger a denial of service DoS condition on an affected device. This...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition. These vulnerabilities are due to improper input...
Multiple Cisco Products Snort Rule Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actio...
Cisco Tetration Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate...
Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...
Cisco Webex Software Application Authorization Bypass Vulnerability
A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
Cisco Integrated Management Controller GUI Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...
Cisco Identity Services Engine File Download Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affecte...
Cisco Meeting Server Call Bridge Denial of Service Vulnerability
A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability...
Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an attacker to conduct a cross-site scripting XSS attack against a user of the interface. For more information about these vulnerabilities, see the Details "details" section o...
Apache HTTP Server Vulnerabilities: October 2021
On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: CVE-2021-41524: Null Pointer Dereference Vulnerability CVE-2021-41773: Path Traversal and Remote Code Execution...
Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...
Cisco IP Phone Software Arbitrary File Read Vulnerability
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug she...
Cisco Orbital Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this...
Cisco Smart Software Manager Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
Cisco Intersight Virtual Appliance Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Identity Services Engine XML External Entity Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect...
Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilitie...
Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database...
Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory management in the pro...
Cisco Email Security Appliance URL Filtering Bypass Vulnerability
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker...
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details "details"...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability
It was previously published that a vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service DoS condition. This...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...
Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of certa...
Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
A vulnerability in the WLAN Control Protocol WCP implementation for Cisco Aironet Access Point AP software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. This vulnerability is due to incorrect error handli...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 L2 loop in a configured VLAN, resulting in a denial of service DoS condition for that...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Service Vulnerability
A vulnerability in Ethernet over GRE EoGRE packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an unauthenticated, remote attacker to...
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points CAPWAP protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
Cisco Access Points SSH Management Privilege Escalation Vulnerability
A vulnerability in the SSH management feature of multiple Cisco Access Points APs platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH...
Cisco IOS XE Software H.323 Application Level Gateway Bypass Vulnerability
A vulnerability in the H.323 application level gateway ALG used by the Network Address Translation NAT feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the ALG. This vulnerability is due to insufficient data validation of traffic that is traversing the AL...
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability i...
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command...
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this...
Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability
A vulnerability in the Unidirectional Link Detection UDLD feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due t...
Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 IKEv2 support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the cod...
Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability
A vulnerability in the Rate Limiting Network Address Translation NAT feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service DoS condition. This...
Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability
A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service DoS attacks to or through the affected device. This vulnerability is due to incorrect programming of the...
Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability
A vulnerability in the Voice Telephony Service Provider VTSP service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial...