Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability

A vulnerability in the Virtual Private LAN Service VPLS code of Cisco IOS Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service DoS condition. The...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model DOM-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server...

Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability

A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to the...

Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization AO related process to restart, causing a partial denial of service DoS condition. The vulnerability is due to lack of...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...

Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability

A vulnerability in the Operations, Administration, Maintenance, and Provisioning OAMP credential reset functionality for Cisco Unified Customer Voice Portal CVP could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation...

Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking the user of a web...

Cisco FindIT DLL Preloading Vulnerability

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicio...

Cisco Small Business Managed Switches Denial of Service Vulnerability

A vulnerability in the Secure Shell SSH subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service DoS condition. The vulnerability is due to improper processing of SSH...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted,...

Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability

A vulnerability in the Traversal Using Relay NAT TURN server included with Cisco Meeting Server CMS could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017

On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. T...

Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017

On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For...

Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability

A vulnerability in the Trust Verification Service TVS of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS traffic by...

Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability

A vulnerability in the dynamic access control list ACL feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic...

Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability

A vulnerability in the IPv6 Simple Network Management Protocol SNMP code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this...

Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart. The vulnerability is due to insufficient rate-limiting protection...

Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability

A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker coul...

Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the General Packet Radio Service GPRS Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution SAE Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition on an affected device. The vulnerabili...

Cisco SocialMiner XML External Entity Injection Vulnerability

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing an XML fil...

Cisco Prime LAN Management Solution Session Fixation Vulnerability

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. ...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability

A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the...

Cisco Yes Set-Top Box Denial of Service vulnerability

A vulnerability in the HTTP remote procedure call RPC service of set-top box STB receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists because the firmware of an affected...

Cisco Emergency Responder Blind SQL Injection Vulnerability

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker...

Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability

A vulnerability in the ROM Monitor ROMMON code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization o...

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper inpu...

Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit th...

Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability

A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service DoS condition. The vulnerability is due to...

Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability

A vulnerability in the malware detection functionality within Advanced Malware Protection AMP of Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model DOM-based, environment or client-side cross-site scripting XSS attack. The vulnerability occurs because...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied...

Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary Command Execution Vulnerability

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to...

Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability ...

Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability

A vulnerability in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are highe...

Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker...

Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability

A vulnerability in Cisco Elastic Services Controller ESC could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and...

Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller APIC devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system...

Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability

A vulnerability in the Cisco Virtual Network Function VNF Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to...

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP on the Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the devic...

Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability

A vulnerability in the ConfD server of the Cisco Elastic Services Controller ESC could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerabilit...

Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient...

Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...

Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...

Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...

Cisco Policy Suite Privilege Escalation Vulnerability

A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...

Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability

A vulnerability in the Elastic Services Controller ESC web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...