Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference...

Cisco IOx Application Environment Denial of Service Vulnerability

A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service DoS condition. The vulnerability is due to a Transport Layer Security TLS...

Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the common Session Initiation Protocol SIP library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient sanity checks ...

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

Cisco IOS XE Software ISDN Data Leak Vulnerability

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers ISRs could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The...

Cisco IOS XE Software Arbitrary Code Execution Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system OS with root privileges. The vulnerability is due to insufficient file location validatio...

Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some...

Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

A vulnerability in the RADIUS Change of Authorization CoA code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of a malformed...

Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

Cisco IOS XE Software Path Traversal Vulnerability

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit thi...

Cisco IOS XE Software Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details "details" section of this...

Cisco IOS XE Software IOx Guest Shell Namespace Protection Vulnerability

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this...

Cisco IOS XE Software ASIC Register Write Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...

Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability

A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service DoS condition. The vulnerability is due to ineffective management of the underlyi...

Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability

A vulnerability in a Virtualization Manager VMAN related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of...

Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An...

Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability

A vulnerability in the FTP application layer gateway ALG functionality used by Network Address Translation NAT, NAT IPv6 to IPv4 NAT64, and the Zone-Based Policy Firewall ZBFW in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...

Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System Guest OS running on an affected device. The vulnerability is due to incorrect role-based access control RBAC evaluation...

Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

Cisco HyperFlex Software Counter Value Injection Vulnerability

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...

Cisco Jabber Client Framework for Mac Code Execution Vulnerability

A vulnerability in Cisco Jabber Client Framework JCF for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected devi...

Cisco Webex Teams Logging Feature Command Execution Vulnerability

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

Cisco Industrial Network Director Configuration Data Information Disclosure Vulnerability

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface...

Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery SSRF attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists...

Cisco Finesse Request Processing Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery SSRF attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...

Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the authorization module of Cisco Content Security Management Appliance SMA Software and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not...

Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...

Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an endpoint device in certain circumstances. The...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability

A vulnerability in the implementation of the Simple Network Management Protocol SNMP Access Control List ACL feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The...

Cisco NX-OS Software IPv6 Denial of Service Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An...

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper...

Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of TCP packets...

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

Cisco NX-OS Software NX-API Denial of Service Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could...

Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability

A vulnerability in the Virtual Shell VSH session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no syst...

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the Intelligent Platform Management Interface IPMI implementation of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the...

Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability

A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service DoS condition on an affected system. The vulnerability is due to insufficient validation of...

Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability...

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the Redfish protocol of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by th...

Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could...

Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller NGWC could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to...

Cisco RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability

A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer SSL certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability

A vulnerability in Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account scpuser, which has default user...