5218 matches found
Cisco Meshed Wireless LAN Controller Impersonation Vulnerability
A vulnerability in the mesh code of Cisco Wireless LAN Controller WLC software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could...
Cisco UCS Director Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation ...
Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit...
Cisco TelePresence Server API Privilege Vulnerability
A vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. The vulnerability is due to how session identification information is maintained by a specific API of the affected software. An attacker could...
Cisco WebEx Meetings Server XML External Entity Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity XXE when parsing an XML file. An attacker could exploi...
Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for...
Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability
A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. The...
Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability
A vulnerability in the Border Gateway Protocol BGP Bidirectional Forwarding Detection BFD implementation of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to bypass the access control list ACL for specific TCP and UDP traffic. The vulnerability occu...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A cross-site scripting XSS filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call...
Cisco Web Security Appliance URL Filtering Bypass Vulnerability
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. The vulnerability is due to incomplete validation of the HTTP request. An attacker could exploit this...
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. The vulnerability is due to the presence of deprecated code within the Cisco WebEx Meetings Server. An attacker could exploit th...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...
Cisco Prime Infrastructure API Credentials Management Vulnerability
A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control RBAC for...
Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Disposition, or Content-Length value. This vulnerability has been...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validati...
Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability
A vulnerability in the Stream Control Transmission Protocol SCTP decoder of the Cisco NetFlow Generation Appliance NGA could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service DoS condition. The vulnerability is due to...
Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager IDM could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. The vulnerability is due to improper masking of sensitive data in...
Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting XSS attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page ...
Cisco Meeting Server API Denial of Service Vulnerability
A vulnerability in an internal API of the Cisco Meeting Server CMS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected appliance. The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this...
Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...
Cisco UCS Director Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control RBAC after the Developer Menu is enabled in Cisco UCS Director...
Cisco Prime Collaboration Assurance Arbitrary File Download Vulnerability
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. The vulnerability is due to lack of proper input validation of HTTP requests. An attacker could exploit this...
Cisco Identity Services Engine SQL Injection Vulnerability
A vulnerability in the sponsor portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access notices owned by other users. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due ...
Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of sensitive files. An attacker could exploit this vulnerability by modifying parameters of a...
Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due ...
Cisco Secure Access Control System Open Redirect Vulnerability
A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit thi...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of...
Cisco Meeting Server HTTP Packet Processing Vulnerability
A vulnerability in the Web Bridge interface of the Cisco Meeting Server CMS, formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially...
Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...
Cisco Secure Access Control System XML External Entity Vulnerability
A vulnerability in the web-based user interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity XXE wh...
Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...
Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
A vulnerability in the Start Before Logon SBL module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...
Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability
A vulnerability in the implementation of Common Industrial Protocol CIP functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to a system memory leak. The vulnerability is due to improper...
Cisco cBR Series Converged Broadband Routers List Headers Denial of Service Vulnerability
A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition. The vulnerability is due to memory corruption. An attacker could exploit...
Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Command Shell Injection Vulnerability
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficie...
Cisco Firepower Device Manager Arbitrary Audit Log Entry Vulnerability
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense FTD Firepower Device Manager FDM could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. The vulnerability is due to inadequate input validation. An attacker could exploit this...
Cisco Firepower Management Center Incomplete Rule Set Vulnerability
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. The vulnerability is due to a lack of condition checks in the rules engine. An attacker could...
Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability
A vulnerability in Simple Network Management Protocol SNMP functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a...
Cisco Firepower URL Bypass Vulnerability
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content. The vulnerability is due to insufficient input validation checks within the system's access control rule criteria. An...
Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...
Cisco Prime Service Catalog URL Redirect Attack Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. The vulnerability is due to insufficient input validation for some of the parameters that a...
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple...
Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service DoS condition. The vulnerability is du...
Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...