Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service DoS condition. The vulnerability is due to a memory leak that occurs on...

Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability

A vulnerability in the Access Network Query Protocol ANQP ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service DoS condition. The...

Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability

A vulnerability in the implementation of Protected Extensible Authentication Protocol PEAP functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected...

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability

A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attac...

Cisco AMP for Endpoints Static Key Vulnerability

On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to...

Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...

Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

Cisco Expressway Series, Cisco TelePresence Video Communication Server, and Cisco TelePresence Conductor REST API Denial of Service Vulnerability

A vulnerability in the cluster database CDB management component of Cisco Expressway Series Software, Cisco TelePresence Video Communication Server VCS Software, and Cisco TelePresence Conductor Software could allow an authenticated, remote attacker to cause the CDB process on an affected system ...

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

Cisco Webex Messenger Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Webex Messenger could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation...

Cisco WebEx Meetings Server Denial of Service Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this...

Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability

A vulnerability in the authentication, authorization, and accounting AAA implementation of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol SIP functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service DoS...

Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking...

Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that i...

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

Cisco Jabber for Windows Client Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...

Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability

A vulnerability in the web console of the Cisco Cloud Services Platform CSP 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines VMs operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...

Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol SIP functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service DoS condition. The...

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

On October 16, 2017, a research paper with the title “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access WPA and the Wi-Fi Protected Access II WPA2...

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...

Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service DoS condition. The vulnerability is due...

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System NCS 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition when the emsd service stops. The vulnerability is due to the software's inability to...

Cisco AnyConnect Network Access Manager Dual-Homed Interface Vulnerability

A vulnerability in the Network Access Manager NAM of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by...

Cisco Meeting App Local Privilege Escalation Vulnerability

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL...

Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service DoS condition because the Snort process restarts unexpectedly. The vulnerability is due...

Cisco Wide Area Application Services ICA Accelerator Denial of Service Vulnerability

A vulnerability in the Independent Computing Architecture ICA accelerator feature for the Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service DoS...

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability

A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service DoS condition could develop because traffic can cease to be...

Cisco Adaptive Security Appliance Software HREF Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...

Cisco License Manager Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application which should be restricted. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that...

Cisco Spark Messaging Stored Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this...

Cisco Wide Area Application Services Denial-of-Service Vulnerability

A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services WAAS Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected...

Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of the web-based user interface web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST A...

Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol PN-DCP for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to the improper...

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation NAT functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to the improper translation of H.323 messages tha...

Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 ISR G2 Routers running Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerabilit...

Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

The DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of...

Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability

A vulnerability in the wireless controller manager of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service DoS condition. The vulnerability is due to insufficient input validation. An attacker could exploit this...

Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate...

Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an...

Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless Controllers NGWC 3850 could allow an authenticated, remote attacker to elevate...

Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability

A vulnerability in the implementation of the Locator/ID Separation Protocol LISP in Cisco IOS XE Software could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier EID to a Routing Locator RLOC in the...

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Common Industrial Protocol CIP feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerabilities are due to the improper...

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of t...

Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 IKEv2 module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service DoS condition...