Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted...

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller APIC software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the WebVPN portal of an affected device. Th...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability

A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing...

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software TCP Timer Handling Denial of Service Vulnerability

A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability i...

Cisco Prime Network Registrar Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...

Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability...

Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...

Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance ASAv and Firepower 2100 Series running Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a...

Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerability

A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service DoS condition...

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into argument...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service DoS condition. The...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attack...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability

A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities

Multiple vulnerabilities in the Server Message Block SMB Protocol preprocessor detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service DoS condition. For more information about these vulnerabilities,...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability

A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance ASA Software could allow a unauthenticated, remote attacker to cause a denial of service DoS condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN...

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected...

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol MOBIKE feature for the Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability

A vulnerability in the Transport Layer Security TLS certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The...

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into argument...

Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability

A vulnerability in the Deterministic Random Bit Generator DRBG, also known as Pseudorandom Number Generator PRNG, used in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a cryptographic...

Cisco Firepower Threat Defense Software Packet Processing Denial of Service Vulnerability

A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense FTD Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service DoS condition...

Cisco Small Business Switches Secure Shell Certificate Authentication Bypass Vulnerability

A vulnerability in the Secure Shell SSH authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. ...

Cisco Umbrella Dashboard Session Management Vulnerability

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session...

Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability

A vulnerability in Cisco Application Policy Infrastructure Controller APIC Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on loca...

Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability

A vulnerability in the detection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability

A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper management o...

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance PCA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to the...

Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. A...

Cisco Expressway Series Directory Traversal Vulnerability

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit th...

Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability

A vulnerability in the call-handling functionality of Session Initiation Protocol SIP Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service DoS condition...

Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 Single Sign-On SSO for Clientless SSL VPN WebVPN and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated,...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the Lightweight Directory Access Protocol LDAP feature in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial ...

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-lin...

Cisco Aironet Series Access Points Development Shell Access Vulnerability

A vulnerability in the development shell devshell authentication for Cisco Aironet Series Access Points APs running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the...

Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast PIM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of...

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the User Data Services UDS API of Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API...

Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The...

Cisco Aironet Series Access Points Denial of Service Vulnerability

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points APs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected AP if the switch interface where the AP is connected has port security configured. The...

Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

Multiple vulnerabilities in the handling of Inter-Access Point Protocol IAPP messages by Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerabilities exist because the software improperly validates inp...

Cisco Directory Connector Search Order Hijacking Vulnerability

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their...