Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the dragonite debugger of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on t...

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due ...

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points AP could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...

Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...

Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The...

Cisco SD-WAN vManage Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to...

Cisco Network Services Orchestrator Path Traversal Vulnerability

A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly...

Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software StarOS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 IKEv2 packets. An attacker...

Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol LLDP implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are...

Cisco SD-WAN vManage Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that ...

Cisco SD-WAN vManage Authorization Bypass Vulnerability

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input...

Cisco SD-WAN vManage Directory Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

Cisco SD-WAN Software Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital...

Cisco Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...

Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...

Cisco SD-WAN vDaemon Buffer Overflow Vulnerability

A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service DoS condition. The vulnerability is due to incomplete bounds checks for data that is provided to...

Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of error conditions when processing...

Cisco SD-WAN vManage SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...

Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker cou...

Cisco Application Services Engine Unauthorized Access Vulnerabilities

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about the...

Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that a...

Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast PIM feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability

A vulnerability in ICMP Version 6 ICMPv6 processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service DoS condition. This vulnerability is due to improper error handling when an...

Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...

Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability

A vulnerability with the Border Gateway Protocol BGP for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service DoS condition. This...

Cisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrary Code Execution Vulnerability

A vulnerability in the Unidirectional Link Detection UDLD feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service DoS condition on an affected device. This...

Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol LLDP for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable SFP interface. This vulnerability is due to...

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An...

Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...

Cisco StarOS Denial of Service Vulnerability

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service DoS condition. The vulnerability is due to a logic error that may occur under specific...

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

Cisco Managed Services Accelerator Denial of Service Vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator MSX could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

A vulnerability in the Local Packet Transport Services LPTS programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...

Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list ACL that is configured for an interface of an affected device. The vulnerability is due ...

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...

Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Multiple vulnerabilities in Cisco Network Convergence System NCS 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on...

Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details "details" section of this...

Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker...

Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this...

Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper...

Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forward...

Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability

A vulnerability in the certificate registration process of Cisco Unified Computing System UCS Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager UCSM. This vulnerability is due to improper certificate validation. An attacker...

Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021

A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges. The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacke...