5218 matches found

Cisco
• added 2018/03/07 4:0 p.m. • 56 views

Cisco Videoscape AnyRes Live Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...

5.4 CVSS • 1.6 AI score • 0.00171 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 29 views

Cisco UCS Director Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1 CVSS • 1.5 AI score • 0.00332 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 31 views

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to...

6.5 CVSS • 2.7 AI score • 0.0092 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 46 views

Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by...

5.9 CVSS • 2.2 AI score • 0.00097 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 32 views

Cisco Security Manager DesktopServlet Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...

6.1 CVSS • 1 AI score • 0.0017 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 67 views

Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI...

4.4 CVSS • 2.4 AI score • 0.00092 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 27 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

6.1 CVSS • 2.6 AI score • 0.00105 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 42 views

Cisco Secure Access Control Server XML External Entity Injection Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an...

5.3 CVSS • 1.4 AI score • 0.00462 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 78 views

Cisco 550X Series Stackable Managed Switches SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device n...

6.8 CVSS • 1.6 AI score • 0.0067 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 45 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are...

6.5 CVSS • 2.1 AI score • 0.00184 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 39 views

Cisco Identity Services Engine Local Command Injection Vulnerability

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user. These commands should have been restricted from this user. The vulnerability...

5.3 CVSS • 3 AI score • 0.00272 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 63 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1 CVSS • 1.8 AI score • 0.00332 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 77 views

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8 CVSS • 3.3 AI score • 0.03952 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 67 views

Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

5.3 CVSS • 2.9 AI score • 0.00304 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 58 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

5.4 CVSS • 1.9 AI score • 0.00248 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 33 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. The vulnerability is due to insufficient validati...

6.7 CVSS • 3.6 AI score • 0.00072 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 64 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

6.3 CVSS • 2.6 AI score • 0.00146 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 34 views

Cisco Secure Access Control Server XML External Entity Injection Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an...

5.3 CVSS • 1.4 AI score • 0.00462 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 38 views

Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1 CVSS • 1.6 AI score • 0.00332 EPSS
Exploits 0 • References 1
Cisco
• added 2018/03/07 4:0 p.m. • 33 views

Cisco Web Security Appliance FTP Authentication Bypass Vulnerability

A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...

7.3 CVSS • 1.1 AI score • 0.00279 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 50 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to...

6.1 CVSS • 1.3 AI score • 0.00319 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 63 views

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is...

8.6 CVSS • 1.4 AI score • 0.01409 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 202 views

Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...

5.3 CVSS • 1.5 AI score • 0.01687 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 60 views

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

7.3 CVSS • 9.8 AI score • 0.0094 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 65 views

Multiple Cisco Unified Communications Products Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Emergency Responder and Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

6.1 CVSS • 1.6 AI score • 0.00451 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 70 views

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit...

4.6 CVSS • 0.1 AI score • 0.00235 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 67 views

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...

9.8 CVSS • 2.5 AI score • 0.05819 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 56 views

Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could...

5.4 CVSS • 1.6 AI score • 0.00145 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 89 views

Cisco Unity Connection Mail Relay Vulnerability

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this...

5.3 CVSS • 1.3 AI score • 0.00749 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 47 views

Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The...

9.8 CVSS • 2.5 AI score • 0.0364 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 52 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. The vulnerability is due to insufficient validation of...

6.1 CVSS • 1.3 AI score • 0.0017 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 50 views

Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could...

5.4 CVSS • 1.1 AI score • 0.00481 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 74 views

Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected...

6.5 CVSS • 2.5 AI score • 0.00329 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/21 4:0 p.m. • 62 views

Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability

A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

4.7 CVSS • 1.3 AI score • 0.00306 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 32 views

Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information...

5.9 CVSS • 2.3 AI score • 0.91541 EPSS
Exploits 1 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 26 views

Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure...

5.3 CVSS • 0.9 AI score • 0.00362 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 28 views

Cisco Spark Information Disclosure Vulnerability

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account...

4.7 CVSS • 2.2 AI score • 0.00513 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 40 views

Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability

A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell...

4.4 CVSS • 1.8 AI score • 0.00078 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 42 views

Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The...

9.8 CVSS • 3.1 AI score • 0.29491 EPSS
Exploits 1 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 41 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL...

5.4 CVSS • 1.7 AI score • 0.00207 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 22 views

Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

6.1 CVSS • 1.6 AI score • 0.00235 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 24 views

Cisco Prime Network TCP Denial of Service Vulnerability

A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could explo...

5.8 CVSS • 1.6 AI score • 0.00662 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 27 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. ...

6.5 CVSS • 1.7 AI score • 0.0072 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 37 views

Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...

8.6 CVSS • 2.1 AI score • 0.00484 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 31 views

Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...

4.4 CVSS • 1.8 AI score • 0.00123 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 28 views

Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is du...

6.1 CVSS • 1.6 AI score • 0.00235 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 26 views

Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect...

6.8 CVSS • 2 AI score • 0.01409 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 31 views

Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...

6.5 CVSS • 1.7 AI score • 0.00463 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 34 views

Cisco UCS Central Arbitrary Command Execution Vulnerability

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...

8.8 CVSS • 1.9 AI score • 0.01108 EPSS
Exploits 0 • References 1
Cisco
• added 2018/02/07 4:0 p.m. • 27 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this...

4.3 CVSS • 1.2 AI score • 0.00208 EPSS
Exploits 0 • References 1
Total number of security vulnerabilities: 5218