Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently...
Cisco Unified Communications Manager IM & Presence Service CSRF Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The...
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because th...
Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper...
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CS...
Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of servi...
Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied...
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software...
Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability
A vulnerability in the process of uploading new application images to the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates...
NVIDIA TX1 Boot ROM Vulnerability
On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected...
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of...
Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in...
Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...
Cisco Firepower Management Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates...
Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability
The Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contains a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure t...
Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) feature of the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation ...
Cisco NX-OS Software NX-API Privilege Escalation Vulnerability
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain...
Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...
Multiple Cisco Products Disk Utilization Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...
Cisco Unified Computing System Role-Based Access Vulnerability
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...
Cisco Unified IP Phone Software Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...
Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
Cisco WebEx Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the https://try.webex.com page of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation...
Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability
A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password recovery request. An attacker could...
Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...
Cisco Meeting Server Information Disclosure Vulnerability
A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports o...
Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An attacker could exploit this vulnerability by modifying an...
Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition...
Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability
A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of a password reset request. An attacker could exploi...
Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...
Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...
Cisco WebEx Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
Cisco FireSIGHT System VPN Policy Bypass Vulnerability
A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...
Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a us...
Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability
A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to...
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of...
Cisco Prime Collaboration Provisioning Access Control Vulnerability
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The vulnerability is due to a failure to enforce access restrictio...
Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...
Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An attacker could exploit...