
5218 matches found

Cisco
added 2019/04/17 4:0 p.m. • 140 views

Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

CVSS: 9.8 • AI score: 9.4 • EPSS: 0.0188
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 43 views

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

CVSS: 4.8 • AI score: 1.4 • EPSS: 0.00176
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 42 views

Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. A...

CVSS: 5.3 • AI score: 1.7 • EPSS: 0.0045
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 38 views

Cisco Wireless LAN Controller Locally Significant Certificate Denial of Service Vulnerability

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrato...

CVSS: 4.9 • AI score: 1.9 • EPSS: 0.00169
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 35 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...

CVSS: 6.8 • AI score: 1.8 • EPSS: 0.00316
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 32 views

Cisco Prime Network Registrar Denial of Service Vulnerability

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...

CVSS: 8.6 • AI score: 1.2 • EPSS: 0.00527
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 44 views

Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities

Multiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of...

CVSS: 6.8 • AI score: 6.7 • EPSS: 0.00314
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 38 views

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

CVSS: 5.4 • AI score: 1.7 • EPSS: 0.00171
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 35 views

Cisco Wireless LAN Controller Software Session Hijacking Vulnerability

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...

CVSS: 5.3 • AI score: 1.9 • EPSS: 0.00697
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 53 views

Cisco Wireless LAN Controller Secure Shell Unauthorized Access Vulnerability

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

CVSS: 5.4 • AI score: 1.9 • EPSS: 0.00093
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 41 views

Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...

CVSS: 5.5 • AI score: 2.5 • EPSS: 0.0007
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 47 views

Cisco Aironet Series Access Points Quality of Service Denial of Service Vulnerability

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames...

CVSS: 6.8 • AI score: 2.5 • EPSS: 0.00132
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 33 views

Cisco Aironet Series Access Points Command Injection Vulnerability

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...

CVSS: 6.7 • AI score: 1.4 • EPSS: 0.00343
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 46 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due ...

CVSS: 6.5 • AI score: 3 • EPSS: 0.00119
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 58 views

Cisco Umbrella Cross-Site Scripting Vulnerability

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An...

CVSS: 6.1 • AI score: 2.1 • EPSS: 0.00136
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 37 views

Cisco Aironet Series Access Points Directory Traversal Vulnerability

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...

CVSS: 4.4 • AI score: 2 • EPSS: 0.00077
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 44 views

Cisco ASR 9000 Series Aggregation Services Routers ACL Bypass Vulnerability

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect...

CVSS: 5.8 • AI score: 7 • EPSS: 0.0019
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 44 views

Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying...

CVSS: 8.1 • AI score: 2.4 • EPSS: 0.00187
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 53 views

Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...

CVSS: 5.3 • AI score: 6.4 • EPSS: 0.0068
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 91 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied...

CVSS: 6.1 • AI score: 1.5 • EPSS: 0.00171
Exploits: 0 • References: 1

Cisco
added 2019/04/17 4:0 p.m. • 40 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker...

CVSS: 5.8 • AI score: 2 • EPSS: 0.00156
Exploits: 0 • References: 1

Cisco
added 2019/04/04 2:0 p.m. • 93 views

Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for use...

CVSS: 5.9 • AI score: 3.3 • EPSS: 0.00063
Exploits: 0 • References: 1

Cisco
added 2019/04/04 2:0 p.m. • 76 views

Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability

A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Hel...

CVSS: 6.1 • AI score: 1.6 • EPSS: 0.00247
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 47 views

Cisco Aggregation Services Router 900 Route Switch Processor 3 OSPFv2 Denial of Service Vulnerability

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The...

CVSS: 7.4 • AI score: 1.7 • EPSS: 0.00378
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 64 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

CVSS: 6.5 • AI score: 2.1 • EPSS: 0.0017
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 157 views

Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates...

CVSS: 7.4 • AI score: 7.5 • EPSS: 0.00269
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 76 views

Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due ...

CVSS: 8.6 • AI score: 1.9 • EPSS: 0.00978
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 58 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...

CVSS: 7.2 • AI score: 2 • EPSS: 0.00348
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 87 views

Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit thi...

CVSS: 8.6 • AI score: 2.3 • EPSS: 0.01343
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 49 views

Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...

CVSS: 5.9 • AI score: 1.7 • EPSS: 0.00328
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 62 views

Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could...

CVSS: 4.7 • AI score: 1.1 • EPSS: 0.0022
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 64 views

Cisco IOS and IOS XE Software Information Disclosure Vulnerability

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...

CVSS: 4.4 • AI score: 1 • EPSS: 0.00023
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 47 views

Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability

A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by...

CVSS: 6.8 • AI score: 3.8 • EPSS: 0.00374
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 60 views

Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper...

CVSS: 8.6 • AI score: 1.7 • EPSS: 0.01283
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 46 views

Cisco IOS XE Software Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious...

CVSS: 7.5 • AI score: 1.5 • EPSS: 0.00969
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 71 views

Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities

Multiple vulnerabilities in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. These vulnerabilities are due to a parsing issue on DNS packets. An attacker...

CVSS: 8.6 • AI score: 2.9
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 55 views

Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic err...

CVSS: 5.3 • AI score: 1.2 • EPSS: 0.28477
Exploits: 2 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 57 views

Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

CVSS: 8.6 • AI score: 1.5 • EPSS: 0.00978
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 99 views

Cisco IOS XE Software Catalyst 4500 Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP)...

CVSS: 7.4 • AI score: 1.5 • EPSS: 0.00145
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 51 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...

CVSS: 8.8 • AI score: 2.5 • EPSS: 0.0055
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 45 views

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA)...

CVSS: 8.8 • AI score: 2.7 • EPSS: 0.00917
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 50 views

Cisco IOS Software NAT64 Denial of Service Vulnerability

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet streams that are sent...

CVSS: 8.6 • AI score: 2 • EPSS: 0.00941
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 61 views

Cisco IOS XE Software Arbitrary File Upload Vulnerability

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a...

CVSS: 8.8 • AI score: 2.4 • EPSS: 0.00715
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 62 views

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability b...

CVSS: 8.8 • AI score: 2.8 • EPSS: 0.0009
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 87 views

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability

A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation wh...

CVSS: 7.4 • AI score: 2 • EPSS: 0.00145
Exploits: 0 • References: 1

Cisco
added 2019/03/27 4:0 p.m. • 100 views

Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker...

CVSS: 4.3 • AI score: 2.2 • EPSS: 0.00074
Exploits: 0 • References: 1

Cisco
added 2019/03/20 4:0 p.m. • 110 views

Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the...

CVSS: 8.1 • AI score: 8.5 • EPSS: 0.00189
Exploits: 0 • References: 1

Cisco
added 2019/03/20 4:0 p.m. • 101 views

Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability...

CVSS: 7.5 • AI score: 2.7 • EPSS: 0.07273
Exploits: 0 • References: 1

Cisco
added 2019/03/20 4:0 p.m. • 94 views

Cisco IP Phone 8800 Series Path Traversal Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level...

CVSS: 8.1 • AI score: 0.9 • EPSS: 0.00131
Exploits: 0 • References: 1

Cisco
added 2019/03/20 4:0 p.m. • 106 views

Cisco IP Phone 8800 Series Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists...

CVSS: 7.5 • AI score: 7.7 • EPSS: 0.0113
Exploits: 0 • References: 1

Total number of security vulnerabilities: 5218