5224 matches found
Cisco Policy Suite Privilege Escalation Vulnerability
A vulnerability in the management of shell user accounts for Cisco Policy Suite CPS Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to...
Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker...
Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller APIC devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system...
Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
A vulnerability in Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are highe...
Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability
A vulnerability in the ConfD server of the Cisco Elastic Services Controller ESC could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerabilit...
Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
A vulnerability in the Elastic Services Controller ESC web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker cou...
Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...
Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP on the Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the devic...
Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...
Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient...
Cisco Elastic Services Controller Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...
Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...
Cisco Smart Net Total Care Contracts Details Page SQL Injection Vulnerability
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care SNTC Contracts Details Page could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system...
Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of defense against cross-site request forgery CSRF attacks. An attacker could exploit this...
Cisco Finesse Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...
Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between...
Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Authenticated Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Unified Communications Manager Directory Traversal Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected...
Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability
A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this...
Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server CMS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. The vulnerability exists because the affected application does not properly validate...
Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability
A vulnerability in the cache server within Cisco Videoscape Distribution Suite VDS for Television could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted...
Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the authentication module of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...
Multiple Cisco Products OSPF LSA Manipulation Vulnerability
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First OSPF Routing Protocol Link State Advertisement LSA database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System AS domain routing table...
Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane ACP of an affected system and view ACP packets that are transferred in clear text within an affected system. T...
Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. The vulnerability exists...
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service DoS condition. The vulnerability is due to an unknown...
Cisco Access Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficien...
Cisco Web Security Appliance Static Credentials Vulnerability
A vulnerability in AsyncOS for the Cisco Web Security Appliance WSA could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI. The vulnerability is due to a us...
Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability
A vulnerability in the web interface of the Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient...
Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability
A vulnerability in certain filtering mechanisms of access control lists ACLs for Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. The vulnerability exists because the affected...
Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability
A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. The vulnerability is due...
Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device. The vulnerability exists...
Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning PCP Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validatio...
Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability
A vulnerability in the gateway GPRS support node GGSN of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. The vulnerability exists because the affected device does not sufficiently validate HTTP...
Cisco WebEx Browser Extension Remote Code Execution Vulnerability
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx...
Cisco Identity Services Engine Guest Portal Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected device. The vulnerability is due to insufficient...
Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper handling of modified backup configuration files. An attacker could exploit...
Cisco Prime Network Information Disclosure Vulnerability
A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checking mechanisms in the...
Cisco IOS XR Software Incorrect Permissions Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this...
Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability
A vulnerability in the web-based GUI of Cisco Wide Area Application Services WAAS Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...
Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...
Cisco Prime Network Privilege Escalation Vulnerability
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. The vulnerability is due to the use of incorrect installation and permission settings for binary files when the affected...
Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core VPC Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reloa...
Cisco Ultra Services Framework AutoVNF Log File User Credential Information Disclosure Vulnerability
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and...