5218 matches found
Cisco HyperFlex Software Unauthenticated Root Access Vulnerability
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the...
Cisco Prime Infrastructure Certificate Validation Vulnerability
A vulnerability in the Identity Services Engine ISE integration feature of Cisco Prime Infrastructure PI could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer SSL tunnel established between ISE and PI. The vulnerability is due to...
Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019
A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/ex...
Cisco Network Assurance Engine CLI Access with Default Password Vulnerability
A vulnerability in the management web interface of Cisco Network Assurance Engine NAE could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service DoS condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...
Cisco Meeting Server SIP Processing Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP call processing of Cisco Meeting Server CMS software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition of the Cisco Meeting Server. The vulnerability is due to insufficient validation of Session...
Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...
Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...
Cisco TelePresence Management Suite Web Services
Cisco TelePresence Management Suite TMS software implements a Simple Object Access Protocol SOAP interface that by design allows unauthenticated access to web services designed to provide management features to devices. At first publication of the advisory, the management feature was not document...
Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient inpu...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...
Cisco Webex Meetings Online Content Injection Vulnerability
A vulnerability in Cisco Webex Meetings Online could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious...
Cisco Aironet Active Sensor Static Credentials Vulnerability
A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker coul...
Cisco Web Security Appliance Decryption Policy Bypass Vulnerability
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorre...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is d...
Cisco Meeting Server Denial of Service Vulnerability
A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service DoS to Cisco Meetings application users who are paired with a Session Initiation Protocol SIP endpoint. The vulnerability is due to improper validation of coSpaces...
Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation...
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advance...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...
Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An...
Multiple Privilege Escalation Vulnerabilities in Cisco SD-WAN Solution
Multiple vulnerabilities in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerabilities exist because user input is not properly sanitized for certain commands at the CLI. An attacker cou...
Cisco Connected Mobile Experiences Information Disclosure Vulnerability
A vulnerability in the Cisco Connected Mobile Experiences CMX software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected...
Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability
A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is...
Cisco SD-WAN Solution Buffer Overflow Vulnerability
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service DoS condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit th...
Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability
A vulnerability in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this...
Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system’s logging database. An attacker could exploit th...
Cisco SD-WAN Solution Unauthorized Access Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting XSS attacks against a user of the web-based user interface of an affected system. These vulnerabilities are due to insufficient sanitization of...
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit th...
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
Cisco Webex Teams URI Handler Insecure Library Loading Vulnerability
A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit...
Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerability
A vulnerability in the data acquisition DAQ component of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service DoS condition. The vulnerability exists because the affected software...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability
A vulnerability in the Cisco Jabber Client Framework JCF software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory...
Cisco Webex Business Suite Cross-Site Scripting Vulnerability
A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convinci...
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service DoS condition on an affected device. The...
Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to...
Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack or a reflected cross-site scripting XSS attack against a user of the web-based management...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability
A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...
Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability
A vulnerability in Cisco 900 Series Aggregation Services Router ASR software could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the...
Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability
A vulnerability in Cisco Jabber Client Framework JCF could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could...
Cisco Identity Services Engine Password Recovery Vulnerability
A vulnerability in the Admin Portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker...