Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability

A vulnerability in Cisco Aironet Access Point AP Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the Transport Layer Security TLS protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service DoS condition. The...

Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...

Cisco FXOS Software Buffer Overflow Vulnerability

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this...

Cisco Content Security Management Appliance and Cisco Web Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA and Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists...

Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this...

Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...

Cisco Jabber for Windows Information Disclosure Vulnerability

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted...

Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence...

Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe loggin...

Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directo...

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...

Cisco Webex Training Unauthorized Meeting Join Vulnerability

A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could explo...

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system OS as a restricted user. For more information about these vulnerabilities, s...

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol IGMP process or make it consume available memory and eventually cras...

Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability

A vulnerability in the Data Management Engine DME of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient input...

Cisco NX-OS Software Call Home Command Injection Vulnerability

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system OS. The vulnerability is due to insufficient input validation of specific Call...

Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability

A vulnerability in the local management local-mgmt CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...

Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attack...

Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP Multicast VPN MVPN implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service DoS condition due to the BGP session being down. The...

Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast PIM feature for IPv6 networks PIM6 of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper error handling when processing...

Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP Multicast VPN MVPN implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service DoS condition. The vulnerability is due to incomplete...

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service DoS condition on an affected device. The attack vector is configuration dependent and...

Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability

A vulnerability in the role-based access control RBAC functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to...

Cisco DNA Center Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based managemen...

Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when t...

Cisco Vision Dynamic Signage Director Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacke...

Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability

A vulnerability in Cisco Virtual Wide Area Application Services vWAAS with Cisco Enterprise NFV Infrastructure Software NFVIS-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface...

Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient input validation by the...

Cisco Vision Dynamic Signage Director Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability...

Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. A...

Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a specific REST API method of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attack...

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service DoS condition on an affected device. The vulnerability is due to incorrect processin...

Cisco Data Center Network Manager Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for use...

Cisco Vision Dynamic Signage Director Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. The vulnerability exists...

Cisco Data Center Network Manager Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the...

Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in Cisco Data Center Network Manager DCNM Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of the affected software. The vulnerability exists because the...

Cisco Data Center Network Manager Read File Path Traversal Vulnerability

A vulnerability in a specific REST API of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could...

Cisco Data Center Network Manager Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intende...

Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences CMX could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An...

Cisco Connected Mobile Experiences Restricted Shell Escape Vulnerability

A vulnerability in the CLI of Cisco Connected Mobile Experiences CMX could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...

Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

Cisco StarOS IPv6 Denial of Service Vulnerability

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability b...