5218 matches found

Cisco
Added 2019/03/20 4:00 p.m. • 96 views

Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the...

CVSS 7.5 | AI score 1.7 | EPSS 0.01247
Exploits: 0 | References: 1

Cisco
Added 2019/03/13 4:00 p.m. • 69 views

Cisco Common Services Platform Collector Static Credential Vulnerability

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the...

CVSS 9.8 | AI score 2.8 | EPSS 0.13344
Exploits: 0 | References: 1

Cisco
Added 2019/03/13 4:00 p.m. • 56 views

Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is du...

CVSS 7.5 | AI score 2.5 | EPSS 0.00901
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 47 views

Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6...

CVSS 4.3 | AI score 2.2 | EPSS 0.00106
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 91 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 5.3 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 90 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 102 views

Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...

CVSS 4.2 | AI score 2.4 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 89 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 53 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 88 views

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

CVSS 7.8 | AI score 1.6 | EPSS 0.00237
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 58 views

Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface...

CVSS 7.4 | AI score 2.1 | EPSS 0.0043
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 88 views

Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature

Cisco Nexus devices support an automatic provisioning or zero-touch deployment feature called PowerOn Auto Provisioning (POAP). This feature assists in automating the initial deployment and configuration of Nexus switches. POAP is enabled by default and activates on devices that have no startup...

AI score 0.5
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 95 views

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms o...

CVSS 4.4 | AI score 4.5 | EPSS 0.00183
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 45 views

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...

CVSS 6.1 | AI score 1.4 | EPSS 0.0012
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 61 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 53 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An...

CVSS 7.3 | AI score 2.2 | EPSS 0.00277
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 68 views

Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS 5.4 | AI score 1.5 | EPSS 0.00171
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 74 views

Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. A...

CVSS 7.8 | AI score 2.4 | EPSS 0.00151
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 73 views

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers...

CVSS 6.7 | AI score 6.9 | EPSS 0.00187
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 51 views

Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to th...

CVSS 7.8 | AI score 2.3 | EPSS 0.00148
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 87 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...

CVSS 7.8 | AI score 1.5 | EPSS 0.00239
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 60 views

Cisco NX-OS Software Image Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signature...

CVSS 6.7 | AI score 6.4 | EPSS 0.00084
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 44 views

Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this...

CVSS 8.8 | AI score 9 | EPSS 0.01046
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 111 views

Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Cisco Fabric Services packets. An...

CVSS 8.6 | AI score 2.1 | EPSS 0.00818
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 54 views

Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTT...

CVSS 7.8 | AI score 2.1 | EPSS 0.0019
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 58 views

Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL)...

CVSS 7.4 | AI score 1.8 | EPSS 0.0072
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 107 views

Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...

CVSS 7.8 | AI score 1.2 | EPSS 0.00066
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 117 views

Cisco NX-OS Software Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could...

CVSS 8.6 | AI score 1.6 | EPSS 0.05861
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 56 views

Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...

CVSS 8.6 | AI score 1.6
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 112 views

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability...

CVSS 7.8 | AI score 7.9 | EPSS 0.00188
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 68 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 102 views

Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system...

CVSS 6.7 | AI score 4.7 | EPSS 0.00123
Exploits: 0 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 108 views

Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when...

CVSS 7.4 | AI score 7.4 | EPSS 0.00317
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 52 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00276
Exploits: 1 | References: 1

Cisco
Added 2019/03/06 4:00 p.m. • 114 views

Cisco NX-OS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

CVSS 7.8 | AI score 2.5 | EPSS 0.00216
Exploits: 0 | References: 1

Cisco
Added 2019/02/27 4:00 p.m. • 287 views

Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...

CVSS 9.8 | AI score 2.4 | EPSS 0.87247
Exploits: 15 | References: 1

Cisco
Added 2019/02/27 4:00 p.m. • 149 views

Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...

CVSS 7.8 | AI score 2.5 | EPSS 0.23815
Exploits: 5 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 119 views

Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this...

CVSS 7.3 | AI score 1.1 | EPSS 0.00337
Exploits: 1 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 79 views

Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability

A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition...

CVSS 6.1 | AI score 2.1 | EPSS 0.00145
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 115 views

Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An attacker could exploit this...

CVSS 8.2 | AI score 1.8 | EPSS 0.01429
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 88 views

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The...

CVSS 6.5 | AI score 1.1 | EPSS 0.00167
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 115 views

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 1.3 | EPSS 0.00136
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 81 views

Cisco HyperFlex Arbitrary Statistics Write Vulnerability

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...

CVSS 4 | AI score 1.6 | EPSS 0.00028
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 92 views

Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

CVSS 6.5 | AI score 1 | EPSS 0.00145
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 80 views

Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability

A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handli...

CVSS 5.8 | AI score 5.6 | EPSS 0.00454
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 78 views

Cisco IoT Field Network Director XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...

CVSS 4.9 | AI score 0.8 | EPSS 0.00671
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 116 views

Cisco HyperFlex Software Command Injection Vulnerability

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster...

CVSS 8.8 | AI score 1.8 | EPSS 0.00165
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 89 views

Cisco Hyperflex Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...

CVSS 4.7 | AI score 1.2 | EPSS 0.0012
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 129 views

Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of...

CVSS 7.5 | AI score 1.4 | EPSS 0.11999
Exploits: 0 | References: 1

Cisco
Added 2019/02/20 4:00 p.m. • 74 views

Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted request...

CVSS 5.3 | AI score 1.6 | EPSS 0.01589
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5218