Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...
Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of servic...
Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users,...
CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault (L1TF) that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacke...
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software...
Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due...
Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is...
Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model–based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an...
Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
Cisco SD-WAN Solution CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to t...
Cisco Webex DOM-Based Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
Multiple Vulnerabilities in Cisco Finesse
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack or retrieve a cleartext password from an affected system. For more information about these vulnerabilities, see the...
Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability
A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the...
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected...
Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability
A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interfac...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...
Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to...
Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability
A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting directly to the...
Cisco Webex Network Recording Players Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...
Cisco Webex Teams Remote Code Execution Vulnerability
A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability ...
Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient...
Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to...
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affect...
Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...
Cisco SD-WAN Solution Local Buffer Overflow Vulnerability
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds chec...
Multiple Vulnerabilities in Cisco Unified Contact Center Express
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface, conduct a cross-site request forgery (CSRF) attack, or...
Cisco Policy Suite World-Readable Sensitive Data Vulnerability
A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions. An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow t...
Cisco SD-WAN Solution VPN Subsystem Command Injection Vulnerability
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco SD-WAN Solution Zero Touch Provisioning Command Injection Vulnerability
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco SD-WAN Solution Remote Code Execution Vulnerability
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient...
Cisco SD-WAN Solution Configuration and Management Database Remote Code Execution Vulnerability
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due t...
Cisco Policy Suite Cluster Manager Default Password Vulnerability
A vulnerability in the Cluster Manager of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for th...
Cisco Policy Suite Read-Only User Effect Change Vulnerability
A vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing th...
Cisco FireSIGHT System Software URL-Based Access Control Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. The vulnerability exists because the affected software incorrectly...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input...
Cisco Digital Network Architecture Center Credential Logging Information Disclosure Vulnerability
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this...
Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability
A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim proces...
Cisco Firepower System Software SSL Denial of Service Vulnerability
A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due t...
Cisco FireSIGHT System Software File Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly...
Cisco Firepower System Software Detection Engine Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the...
Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure t...
Cisco NX-OS Software NX-API Privilege Escalation Vulnerability
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...
Cisco Firepower Management Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because t...