Cisco SD-WAN Solution vManage SQL Injection Vulnerability

A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...

Cisco SD-WAN Solution Buffer Overflow Vulnerability

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device...

Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient input validati...

Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service DoS condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An...

Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

Cisco Webex Meetings Client for MacOS Information Disclosure Vulnerability

A vulnerability in the multicast DNS mDNS protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information ...

Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Security Management Appliance SMA could allow an unauthenticated remote attacker to cause high CPU usage on an affected device,...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...

Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An...

Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable...

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex...

Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include...

Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Prime Network Registrar CPNR could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...

Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability

On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames withou...

Cisco NX-OS Software NX-API Denial of Service Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could...

Cisco MDS 9000 Series Switches Denial of Service Vulnerability

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource usage control. An...

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service DoS condition on an affected device. The vulnerability exists because of...

Cisco FXOS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a...

Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability

A vulnerability in the implementation of Border Gateway Protocol BGP Message Digest 5 MD5 authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD...

Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability

A vulnerability in the local management local-mgmt CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS on an affected device. The vulnerability is due to insufficient input validation of command...

Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system OS. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted...

Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol ARP entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper...

Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability

A vulnerability in the local management local-mgmt CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device. The vulnerability is due to insufficient input...

Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability

A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module VSM to become inaccessible to users through the CLI. The vulnerability is due to...

Cisco Unified Contact Center Express Privilege Escalation Vulnerability

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

Cisco Cloud Web Security SQL Injection Vulnerability

A vulnerability in the web UI of Cisco Cloud Web Security could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability...

Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based...

Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability

A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service DoS condition on an affected device. The...

Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability

A vulnerability in the High Availability HA service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password...

Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a temporary denial of service DoS condition on an affected device. The vulnerability is due to inadequate parsing...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could...

Cisco Unified Contact Center Enterprise Denial of Service Vulnerability

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing...

Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the...

Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol XMPP feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition for users of XMPP conferencing applications. Other applications and processes are unaffected...

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths...

Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface UEFI Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improp...

Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by...

Cisco Finesse Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of...

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing...

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack on an affected device. The vulnerability is due to insufficient input validation by the web-based...

Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Digital Network Architecture DNA Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is...

Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is d...

Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...

Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

Cisco Small Business Switches Denial of Service Vulnerability

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this...