Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...
Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...
Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could...
Cisco Jabber for Windows DLL Preloading Vulnerability
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The...
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation...
Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol S...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due...
Cisco Firepower Management Center RSS Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update...
Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerabili...
Cisco Small Business Series Switches HTTP Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web...
Cisco Small Business Series Switches Memory Corruption Vulnerability
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS...
Cisco Web Security Appliance Web Proxy Denial of Service Vulnerability
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for...
Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM softwar...
Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session...
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could...
Cisco Data Center Network Manager Arbitrary File Download Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacke...
Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacke...
Cisco Integrated Management Controller Denial of Service Vulnerability
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. A...
Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...
Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...
Cisco TelePresence Endpoint Command Shell Injection Vulnerability
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to...
Cisco DNA Center Authentication Bypass Vulnerability
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could...
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco StarOS Denial of Service Vulnerability
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerabili...
Cisco Integrated Management Controller CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could explo...
Cisco Integrated Management Controller Arbitrary File Write Vulnerability
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...
Cisco Meeting Server CLI Command Injection Vulnerability
A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with...
Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denia...
Cisco Prime Service Catalog Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...
Cisco Integrated Management Controller Information Disclosure Vulnerability
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
Cisco RV110W, RV130W, and RV215W Routers Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP...
Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit...
Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPN Manager) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improp...
Cisco Security Manager XML Entity Expansion Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending maliciou...
Cisco Integrated Management Controller Denial of Service Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could...
Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...
Cisco Industrial Network Director Remote Code Execution Vulnerability
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability ...
Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the...
Cisco Unified Computing System BIOS Signature Bypass Vulnerability
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An...
Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users...
Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...