Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Cisco Context Service SDK Arbitrary Code Execution Vulnerability

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit SDK could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. The vulnerability is due to insufficient...

Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerabilities are due to insufficient validation of user-supplied input in...

Cisco StarOS Arbitrary File Modification Vulnerability

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. The vulnerability is due to insufficient input...

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. The vulnerability is due to verbose output in HTTP log files. An attacker could retrieve the log files...

Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure Vulnerability

A vulnerability in the Virtual Network Function Manager's VNFM logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data on an affected system. The vulnerability is due to insufficient protection of sensitive data. An attacker could...

Vulnerability in Samba Affecting Cisco Products: May 2017

On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494 This advisory is available at the following link:...

Cisco Firepower System Software URL Filtering Bypass Vulnerability

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. The vulnerability exists because the URL Filtering license for the affected...

Cisco Policy Suite Privilege Escalation Vulnerability

A vulnerability in a script file that is installed as part of the Cisco Policy Suite CPS Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file...

Cisco Nexus Series Switches CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this...

Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability

A vulnerability in the logging configuration of Secure Sockets Layer SSL policies for Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to high consumption of system resources. The vulnerability is due to the logging of...

Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...

Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this...

Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods,...

Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco Identity Services Engine GUI Denial of Service Vulnerability

A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The...

Cisco Remote Expert Manager Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of...

Cisco Remote Expert Manager Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...

Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails ...

Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP implementation of Cisco IP Phone 8851 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulatin...

Cisco Remote Expert Manager Order Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...

Cisco TelePresence IX5000 Series Directory Traversal Vulnerability

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory...

Cisco Remote Expert Manager Denial of Service Vulnerability

A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service DoS condition on an affected system. The vulnerability is due to a lack of rate-limiting...

Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection ...

Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities

Two vulnerabilities in the protocol decoders of Snort++ Snort 3 could allow an unauthenticated, remote attacker to create a Denial of Service DoS condition. The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a...

Intel Active Management Technology Privilege Escalation Vulnerability

On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management AMT, Intel...

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occur...

Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability

A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service DoS condition. The vulnerability is due to improper SSL policy...

Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability

A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services WAAS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to...

Cisco CallManager Express Unauthorized Access Vulnerability

A vulnerability in Cisco IOS Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could...

Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability

A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...

Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability

A vulnerability in the remote management access control list ACL feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress...

Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an...

Cisco TelePresence ICMP Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint CE Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service DoS condition. The vulnerability is due to...

Cisco IOS XR Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon emsd of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...

Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability

A vulnerability in the Universal Plug-and-Play UPnP implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service DoS condition. The remote code execution could occur with root privileges...

Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability

A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...

Cisco FindIT Network Probe Information Disclosure Vulnerability

A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control RB...

Cisco ASA Software DNS Denial of Service Vulnerability

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker...

Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a race condition that could occur when the affected software processes an...

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol SIP UDP throttling process of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate...