5224 matches found
Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
A vulnerability in the detection engine parsing of Pragmatic General Multicast PGM protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to the Snort process unexpectedly restarting. The vulnerability is...
Cisco Integrated Management Controller Remote Code Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specifi...
Cisco ASA Software IPsec Denial of Service Vulnerability
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...
Cisco ASA Software SSL/TLS Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL and Transport Layer Security TLS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could explo...
Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 1 IKEv1 XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a persistent cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successf...
Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a race condition that could occur when the affected software processes an...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker...
Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...
Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service DoS condition. These vulnerabilities are due to improper...
Cisco Unified Communications Manager Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol SIP UDP throttling process of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco Integrated Management Controller User Session Hijacking Vulnerability
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software do...
Cisco FindIT Network Probe Information Disclosure Vulnerability
A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is due to the absence of role-based access control RB...
Cisco Prime Network Registrar DNS Denial of Service Vulnerability
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service DoS condition on the affected system. The vulnerability is due to...
Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of servi...
Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. The vulnerability is due to improper role-based user checks. An...
Cisco IOS XE Software Startup Script Local Command Execution Vulnerability
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient validati...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to...
Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to insufficient processing of IPv6 packets by the affected system. The...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to...
Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
A vulnerability in the detection engine that handles Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process unexpectedly restarts. The vulnerability is due to imprope...
Cisco Registered Envelope Service Open Redirect Vulnerability
A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page. The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this...
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to...
Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permission...
Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability
A vulnerability in RADIUS Change of Authorization CoA request processing in the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to cause a denial of service DoS condition by disconnecting a single connection. The vulnerability is due to lack of proper input...
Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability
A vulnerability in the web management interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced...
Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device. The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this...
Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability
A vulnerability in 802.11 Wireless Multimedia Extensions WME action frame processing in Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to incomplete input validation of the 802.11 WM...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries. The...
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due t...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. The...
Cisco Integrated Management Controller Redirection Vulnerability
A vulnerability in the web interface of Cisco Integrated Management Controller IMC Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of parameters in HTTP requests. An attacker could exploit...
Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
A vulnerability in the detection engine reassembly of Secure Sockets Layer SSL packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the Snort process consumes a high level of CPU resources. The vulnerability...
Cisco IOS XR Software Denial of Service Vulnerability
A vulnerability in Google-defined remote procedure call gRPC handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon emsd to crash due to a system memory leak, resulting in a denial of service DoS condition. The vulnerability ...
Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands. The vulnerabilit...
Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
A vulnerability in the Layer 2 Tunneling Protocol L2TP parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this...
Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability b...
Cisco IOx Data in Motion Stack Overflow Vulnerability
A vulnerability in the Data-in-Motion DMo process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The...
Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input...
Cisco IOS XE Software Web User Interface Denial of Service Vulnerability
A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attack...
Cisco Application-Hosting Framework Directory Traversal Vulnerability
A vulnerability in the web framework code of the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is du...
Cisco IOS XE Software HTTP Command Injection Vulnerability
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...
Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted...
Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
A vulnerability in the Autonomic Networking Infrastructure ANI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incomplete input validation on certain crafted packets. An...
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
A vulnerability in the Autonomic Networking Infrastructure ANI registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to incomplete input validation on certain crafted...
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
A vulnerability in the Cisco Cluster Management Protocol CMP processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes...