5224 matches found
Cisco Elastic Services Controller Insecure Default Credentials Vulnerability
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux admin user of an affected system. A successf...
Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an...
Cisco Elastic Services Controller Insecure Default Password Vulnerability
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user. The vulnerability is due to the existence of a default, weak, hard-coded password for the Linux root user of an affected system. A successful...
Cisco Elastic Services Controller Information Disclosure Vulnerability
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to improper permissions that are set for certain files by the affected service. An attacker could...
Cisco Firepower Management Center Information Disclosure Vulnerability
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files...
Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of an email with an attachment and...
Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure Vulnerability
A vulnerability in the Virtual Network Function Manager's VNFM logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data on an affected system. The vulnerability is due to insufficient protection of sensitive data. An attacker could...
Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. The vulnerability is due to insufficient sanity checks...
Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System NCS 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering TE tunnels, resulting in a denial of servic...
Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability
A vulnerability in the esclistener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system. The vulnerability is due to insufficient sanitization of arguments that are passed while...
Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability
A vulnerability in the Fibre Channel over Ethernet FCoE protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition when an FCoE-related process unexpectedly reloads. The vulnerability is due to a lack of proper FCoE...
Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user. The vulnerability is due to the existence of a default, weak, hard-coded password for the admin user of an affected system. An...
Cisco Ultra Services Framework Element Manager Insecure Default Credentials Vulnerability
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device. The vulnerability is due to weak, hard-coded credentials of the admin and oper user...
Vulnerability in Samba Affecting Cisco Products: May 2017
On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494 This advisory is available at the following link:...
Cisco Firepower System Software URL Filtering Bypass Vulnerability
A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. The vulnerability exists because the URL Filtering license for the affected...
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods,...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...
Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails ...
Cisco Remote Expert Manager Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Remote Expert Manager Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory...
Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Remote Expert Manager Denial of Service Vulnerability
A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service DoS condition on an affected system. The vulnerability is due to a lack of rate-limiting...
Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection ...
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of...
Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...
Cisco Remote Expert Manager Order Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Policy Suite Privilege Escalation Vulnerability
A vulnerability in a script file that is installed as part of the Cisco Policy Suite CPS Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file...
Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability
A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this...
Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP implementation of Cisco IP Phone 8851 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulatin...
Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this...
Cisco Identity Services Engine GUI Denial of Service Vulnerability
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The...
Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability
A vulnerability in the logging configuration of Secure Sockets Layer SSL policies for Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high consumption of system resources. The vulnerability is due to the logging of...
Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
Two vulnerabilities in the protocol decoders of Snort++ Snort 3 could allow an unauthenticated, remote attacker to create a Denial of Service DoS condition. The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a...
Intel Active Management Technology Privilege Escalation Vulnerability
On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management AMT, Intel...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service DoS condition. The vulnerability is due to improper SSL policy...
Cisco IOS XR Software Denial of Service Vulnerability
A vulnerability in the Event Management Service daemon emsd of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...
Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
A vulnerability in the Universal Plug-and-Play UPnP implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service DoS condition. The remote code execution could occur with root privileges...
Cisco CallManager Express Unauthorized Access Vulnerability
A vulnerability in Cisco IOS Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could...
Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...
Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to...
Cisco TelePresence ICMP Denial of Service Vulnerability
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint CE Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to...
Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an...
Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
A vulnerability in the remote management access control list ACL feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress...