5224 matches found
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
Cisco Unified Computing System Role-Based Access Vulnerability
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...
Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability
A vulnerability in the authentication, authorization, and accounting AAA security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service DoS condition...
Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability
A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to...
Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...
Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability
A vulnerability in the CLI parser of Cisco Network Services Orchestrator NSO could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability
A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
On May 21, 2018, researchers disclosed two vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged, loca...
Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected phone. The vulnerability is...
Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker w...
Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security EAP-TLS certificate validation during EAP authentication for the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causi...
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability
A vulnerability in the web UI of Cisco TelePresence IX5000 Series Software and Cisco TelePresence TX9000 Series Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to...
Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could...
Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...
Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
Cisco SocialMiner Notification System Denial of Service Vulnerability
A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service DoS condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit th...
Cisco Digital Network Architecture Center Static Credentials Vulnerability
A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
Cisco Digital Network Architecture Center Unauthorized Access Vulnerability
A vulnerability in the container management subsystem of Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container...
Cisco Firepower Threat Defense Software Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer SSL Access Control AC policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets...
Cisco Meeting Server Media Services Denial of Service Vulnerability
A vulnerability in the Real-Time Transport Protocol RTP bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...
Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service DoS condition. The vulnerability is due to the incorrect...
Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability
A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...
Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point APs on Qualcomm Atheros QCA based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. A successful explo...
Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability
A vulnerability in the assignment and management of default user accounts for Secure Shell SSH access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affecte...
Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device and execute those files. For more information about this vulnerability per Cisco product, see the Details...
Cisco Secure Access Control System Remote Code Execution Vulnerability
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
Cisco WebEx Recording Format Player Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Recording Format WRF Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a...
Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability
A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...
Cisco IOS XR Software netconf Denial of Service Vulnerability
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...
Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability
A vulnerability in the implementation of Point-to-Point Tunneling Protocol PPTP functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...
Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this...
Cisco Prime Service Catalog User Interface Denial of Service Vulnerability
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to...
Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability
A vulnerability in the IP Version 4 IPv4 fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The...
Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability
A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to incomplete input...
Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...
Cisco Meeting Server Remote Code Execution Vulnerability
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces an...
Cisco Firepower System Software Transport Layer Security Extensions Denial of Service Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service DoS condition. The vulnerability is due to the incorrect...
Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachme...
Cisco Unified Communications Manager HTTP Interface Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...
Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this...
Cisco AMP for Endpoints macOS Connector DMG File Malware Bypass Vulnerability
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection AMP for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detectin...
Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block SMB protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handle...
Cisco MATE Live Directory Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker cou...
Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability
A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...