
5218 matches found

Cisco
• added 2019/01/09 4:00 p.m. • 102 views

Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...

CVSS 5.3 | AI score 6.5 | EPSS 0.04647
Exploits: 0 | References: 1
Cisco
• added 2019/01/09 4:00 p.m. • 84 views

Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The...

CVSS 5.3 | AI score 1.1 | EPSS 0.00605
Exploits: 0 | References: 1
Cisco
• added 2019/01/09 4:00 p.m. • 110 views

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt...

CVSS 8.6 | AI score 8.8 | EPSS 0.00286
Exploits: 0 | References: 1
Cisco
• added 2019/01/09 4:00 p.m. • 80 views

Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data...

CVSS 6.5 | AI score 1.4 | EPSS 0.00268
Exploits: 2 | References: 1
Cisco
• added 2019/01/09 4:00 p.m. • 113 views

Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this...

CVSS 6.8 | AI score 6.8 | EPSS 0.00359
Exploits: 0 | References: 1
Cisco
• added 2019/01/09 4:00 p.m. • 93 views

Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could...

CVSS 4.3 | AI score 2.1 | EPSS 0.00182
Exploits: 0 | References: 1
Cisco
• added 2018/12/19 4:00 p.m. • 121 views

Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...

CVSS 8.1 | AI score 8.1 | EPSS 0.00289
Exploits: 1 | References: 1
Cisco
• added 2018/12/04 4:00 p.m. • 142 views

Cisco Energy Management Suite Default PostgreSQL Password Vulnerability

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...

CVSS 7.1 | AI score 0.2 | EPSS 0.0006
Exploits: 0 | References: 1
Cisco
• added 2018/11/28 4:00 p.m. • 213 views

Cisco Prime License Manager SQL Injection Vulnerability

Update 2018-December-20: The updated patch ciscocm.CSCvk30822v2.0.k3.cop.sgn that avoids the functional issues identified with the v1.0 patch has been posted to Cisco.com. See the Fixed Releases section for details. Update 2018-December-10: Installing the ciscocm.CSCvk30822v1.0.k3.cop.sgn...

CVSS 9.4 | AI score 0.5 | EPSS 0.00424
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 578 views

Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to...

CVSS 6.1 | AI score 5.6 | EPSS 0.0011
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 556 views

Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could...

CVSS 6.5 | AI score 2.1 | EPSS 0.00658
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 581 views

Cisco Unity Express Arbitrary Command Execution Vulnerability

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS 9.8 | AI score 3.7 | EPSS 0.22249
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 580 views

Cisco Registered Envelope Service Information Disclosure Vulnerability

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

CVSS 5.3 | AI score 1.3 | EPSS 0.00339
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 691 views

Cisco Meraki Local Status Page Privilege Escalation Vulnerability

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...

CVSS 8.8 | AI score 2.2 | EPSS 0.00161
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 562 views

Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An...

CVSS 5.8 | AI score 6.6 | EPSS 0.0061
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 577 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy...

CVSS 5.3 | AI score 1.1 | EPSS 0.00339
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 567 views

Cisco Energy Management Suite XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entri...

CVSS 6.3 | AI score 1 | EPSS 0.0111
Exploits: 1 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 631 views

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...

CVSS 9.8 | AI score 2.1 | EPSS 0.49633
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 646 views

Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...

CVSS 5.5 | AI score 1.5 | EPSS 0.00725
Exploits: 6 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 592 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplie...

CVSS 5.4 | AI score 1.4 | EPSS 0.00171
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 588 views

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system...

CVSS 9.8 | AI score 2.3 | EPSS 0.01301
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 557 views

Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVSS 6.3 | AI score 2.7 | EPSS 0.0013
Exploits: 1 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 578 views

Cisco Prime Collaboration Assurance File Overwrite Vulnerability

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...

CVSS 6.5 | AI score 1.1 | EPSS 0.00554
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 4:00 p.m. • 582 views

Cisco Video Surveillance Media Server Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of...

CVSS 4.3 | AI score 2.9 | EPSS 0.0025
Exploits: 0 | References: 1
Cisco
• added 2018/11/07 12:00 a.m. • 600 views

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution...

CVSS 9.8 | AI score 9 | EPSS 0.56432
Exploits: 0 | References: 1
Cisco
• added 2018/11/01 3:00 p.m. • 597 views

Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability

On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of...

CVSS 8.8 | AI score 2.1 | EPSS 0.02507
Exploits: 0 | References: 1
Cisco
• added 2018/10/31 7:30 p.m. • 673 views

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a deni...

CVSS 8.6 | AI score 8.4 | EPSS 0.04266
Exploits: 0 | References: 1
Cisco
• added 2018/10/29 4:00 p.m. • 520 views

Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the...

CVSS 6.7 | AI score 1.3 | EPSS 0.00066
Exploits: 0 | References: 1
Cisco
• added 2018/10/24 4:00 p.m. • 602 views

Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...

CVSS 7.8 | AI score 2 | EPSS 0.43344
Exploits: 14 | References: 1
Cisco
• added 2018/10/19 4:00 p.m. • 677 views

libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018

A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by...

CVSS 9.1 | AI score 7.4 | EPSS 0.78329
Exploits: 10 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 537 views

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The...

CVSS 7.5 | AI score 1.4 | EPSS 0.01108
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 519 views

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF...

CVSS 6.5 | AI score 1.8 | EPSS 0.00225
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 521 views

Cisco Wireless LAN Controller Software Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms...

CVSS 5.3 | AI score 1 | EPSS 0.00285
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 508 views

Cisco Wireless LAN Controller Software Directory Traversal Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An...

CVSS 6.5 | AI score 1.7 | EPSS 0.02749
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 530 views

Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The...

CVSS 5.4 | AI score 1.4 | EPSS 0.00116
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 521 views

Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...

CVSS 7.5 | AI score 2.3 | EPSS 0.00467
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 521 views

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on...

CVSS 8.6 | AI score 2 | EPSS 0.00837
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 518 views

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by...

CVSS 7.4 | AI score 7.5 | EPSS 0.00256
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 518 views

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input...

CVSS 8.8 | AI score 1.8 | EPSS 0.00312
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 528 views

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of...

CVSS 8.6 | AI score 1.8 | EPSS 0.01403
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 523 views

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...

CVSS 5.4 | AI score 0.8 | EPSS 0.00091
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 503 views

Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability

A vulnerability in the Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition th...

CVSS 5.8 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 530 views

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...

CVSS 7.7 | AI score 1.9 | EPSS 0.00939
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 510 views

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied...

CVSS 6.1 | AI score 1.6 | EPSS 0.0012
Exploits: 0 | References: 1
Cisco
• added 2018/10/17 4:00 p.m. • 534 views

Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validatio...

CVSS 4.8 | AI score 1.1 | EPSS 0.00219
Exploits: 0 | References: 1
Cisco
• added 2018/10/03 4:00 p.m. • 34 views

Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

CVSS 5.3 | AI score 1.2 | EPSS 0.00695
Exploits: 0 | References: 1
Cisco
• added 2018/10/03 4:00 p.m. • 33 views

Cisco HyperFlex World-Readable Sensitive Information Vulnerability

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

CVSS 5.5 | AI score 0.4 | EPSS 0.00061
Exploits: 0 | References: 1
Cisco
• added 2018/10/03 4:00 p.m. • 36 views

Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...

CVSS 8.1 | AI score 2 | EPSS 0.00767
Exploits: 0 | References: 1
Cisco
• added 2018/10/03 4:00 p.m. • 383 views

Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions f...

CVSS 9.8 | AI score 1.6 | EPSS 0.01084
Exploits: 0 | References: 1
Cisco
• added 2018/10/03 4:00 p.m. • 548 views

Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The...

CVSS 5.8 | AI score 4.8 | EPSS 0.00317
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5218