5224 matches found

Cisco
added 2017/02/01 4:0 p.m. | 37 views

Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

CVSS 5.8 | AI score 5.7 | EPSS 0.02239
Exploits: 0 | References: 1

Cisco
added 2017/02/01 4:0 p.m. | 38 views

Cisco Firepower URL Bypass Vulnerability

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content. The vulnerability is due to insufficient input validation checks within the system's access control rule criteria. An...

CVSS 5.8 | AI score 5.7 | EPSS 0.01853
Exploits: 0 | References: 1

Cisco
added 2017/02/01 4:0 p.m. | 51 views

Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a...

CVSS 6.5 | AI score 6.4 | EPSS 0.02804
Exploits: 0 | References: 1

Cisco
added 2017/01/30 9:28 p.m. | 243 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple...

CVSS 7.5 | AI score 7.2 | EPSS 0.55294
Exploits: 5 | References: 1

Cisco
added 2017/01/25 4:0 p.m. | 36 views

Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is du...

CVSS 8.6 | AI score 8.7 | EPSS 0.03491
Exploits: 0 | References: 1

Cisco
added 2017/01/25 4:0 p.m. | 15 views

Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when...

CVSS 9.8 | AI score 9.8 | EPSS 0.06836
Exploits: 0 | References: 1

Cisco
added 2017/01/25 4:0 p.m. | 36 views

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The...

CVSS 8.6 | AI score 8.5 | EPSS 0.02662
Exploits: 0 | References: 1

Cisco
added 2017/01/24 6:30 p.m. | 79 views

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers...

CVSS 8.8 | AI score 8.7 | EPSS 0.27231
Exploits: 6 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 37 views

Cisco Email Security Appliance Filter Bypass Vulnerability

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. The vulnerability is due to incomplete input validation of email message...

CVSS 5.8 | AI score 5.8 | EPSS 0.01525
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 36 views

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. The vulnerability is due to a logical error while parsing IKE packets. An attacker could exploit this vulnerability by submitting malformed I...

CVSS 5.3 | AI score 5.3 | EPSS 0.02943
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 33 views

Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability

A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing o...

CVSS 5.8 | AI score 6.1 | EPSS 0.00536
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 72 views

Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. The vulnerability is due ...

CVSS 4.7 | AI score 4.6 | EPSS 0.00556
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 25 views

Cisco WebEx Meeting Center Site Redirection Vulnerability

A vulnerability in a URL parameter of Cisco WebEx could allow an unauthenticated, remote attacker to perform site redirection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a remote site URL in the affected parameter of the...

CVSS 5 | AI score 5.5 | EPSS 0.01021
Exploits: 2 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 27 views

Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability

A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. The vulnerability is...

CVSS 4.3 | AI score 4.6 | EPSS 0.00446
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 21 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this...

CVSS 5.3 | AI score 5.2 | EPSS 0.01584
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 23 views

Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. The vulnerability is due to insufficient parameter string security. An attacker could exploit this vulnerability by creating a...

CVSS 5.4 | AI score 5.6 | EPSS 0.01313
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 26 views

Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...

CVSS 5.4 | AI score 8.9 | EPSS 0.00671
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 21 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. The vulnerability is due to a failure to properly call XS...

CVSS 6.1 | AI score 6 | EPSS 0.01132
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 21 views

Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability

A vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. The vulnerability is due to improper error handling for 802.11 authentication...

CVSS 4.3 | AI score 4.7 | EPSS 0.00544
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 22 views

Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. The vulnerability is due to lack of proper input validation of the...

CVSS 5.3 | AI score 5.1 | EPSS 0.01584
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 32 views

Cisco WebEx Meetings Server Command Bypass Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. The vulnerability is due to insufficient security configurations of bash in interactive mode. An attacker could exploit this vulnerability by...

CVSS 5.4 | AI score 7.2 | EPSS 0.01895
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 46 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager (CUCM) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to a failure to properly call XSS filter...

CVSS 6.1 | AI score 6 | EPSS 0.01228
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 27 views

Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 4.7 | AI score 6 | EPSS 0.00833
Exploits: 0 | References: 1

Cisco
added 2017/01/18 4:0 p.m. | 28 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing...

CVSS 5.3 | AI score 9 | EPSS 0.01121
Exploits: 0 | References: 1

Cisco
added 2016/12/21 4:0 p.m. | 23 views

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco Jabber Guest Server. An attacker could exploit this...

CVSS 4.3 | AI score 6.6 | EPSS 0.01386
Exploits: 0 | References: 1

Cisco
added 2016/12/21 4:0 p.m. | 29 views

Cisco Intercloud Fabric Database Static Credentials Vulnerability

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. The vulnerability occurs because the database account uses static credentials. An attacker could...

CVSS 6.8 | AI score 8.8 | EPSS 0.01267
Exploits: 0 | References: 1

Cisco
added 2016/12/21 4:0 p.m. | 22 views

Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability

A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. The vulnerability is due to a misconfiguration that causes the Docker...

CVSS 9.3 | AI score 9.7 | EPSS 0.02927
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 20 views

Cisco Expressway Series Software Security Bypass Vulnerability

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. The vulnerability is due to insufficient access control for T...

CVSS 6.4 | AI score 6.6 | EPSS 0.02019
Exploits: 1 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 35 views

Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability

A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial...

CVSS 4.3 | AI score 7.5 | EPSS 0.00303
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 35 views

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. The vulnerability is due to lack of proper input...

CVSS 5 | AI score 7.5 | EPSS 0.0348
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 34 views

Cisco FirePOWER Malware Protection Bypass Vulnerability

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. The vulnerability is due to out-of-order TCP segments retransmissions out of the current window, which have already been...

CVSS 4.3 | AI score 4.7 | EPSS 0.01184
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 107 views

Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an...

CVSS 4.3 | AI score 6 | EPSS 0.01799
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 25 views

Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework. An attacker could exploit this vulnerability...

CVSS 6.8 | AI score 6.4 | EPSS 0.02517
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 32 views

Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...

CVSS 4.3 | AI score 7.6 | EPSS 0.02786
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 28 views

Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. The vulnerability is due to improper handling of Password Authentication Protocol (PAP) authentication...

CVSS 5 | AI score 7.7 | EPSS 0.03304
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 23 views

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for...

CVSS 4.3 | AI score 8.9 | EPSS 0.01168
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 38 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS 4.3 | AI score 6.1 | EPSS 0.01799
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 24 views

Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. The vulnerability is due to insufficient client-side validation checks. An attacker could...

CVSS 5 | AI score 7.6 | EPSS 0.03011
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 30 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. The vulnerability is due to improper filtering of certain TAR...

CVSS 5 | AI score 4.7 | EPSS 0.01556
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 42 views

Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. The vulnerability is due to improper input validation of the...

CVSS 5 | AI score 7.6 | EPSS 0.01589
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 32 views

Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. The vulnerability is due to a logic flaw in a corner case scenario. An...

CVSS 5 | AI score 7.6 | EPSS 0.02547
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 33 views

Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. The vulnerability is due to a lack of proper input validation performed o...

CVSS 5 | AI score 7.5 | EPSS 0.03122
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 37 views

Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to the incorrect...

CVSS 5 | AI score 7.6 | EPSS 0.01957
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 27 views

Cisco Emergency Responder Directory Traversal Vulnerability

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. The issue is due to improper...

CVSS 4 | AI score 6.4 | EPSS 0.0269
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 47 views

Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability

A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. The vulnerability is due to a specific TCP port listening on the local management port when it...

CVSS 5 | AI score 7.6 | EPSS 0.0348
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 30 views

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. The vulnerability is due to a race condition in the IKEv2 negotiation logic. An attacker could exploit...

CVSS 5 | AI score 7.5 | EPSS 0.0348
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 23 views

Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. The vulnerability is due to improper masking of sensitive data in the HTTP response. An...

CVSS 4 | AI score 6.5 | EPSS 0.02194
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 36 views

Cisco IOS Frame Forwarding Denial of Service Vulnerability

A vulnerability in Cisco IOS on Catalysts Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. The vulnerability occurs because the software forwards Layer 2 frames that should be consumed by the first hop. An attacker could...

CVSS 6.1 | AI score 6.4 | EPSS 0.00641
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 24 views

Cisco IOS XR Software Default Credentials Vulnerability

A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. The vulnerability is due to a user account that has a default and static password. An attacker could exploit this vulnerability by connecting to the...

CVSS 6.8 | AI score 7.8 | EPSS 0.00369
Exploits: 0 | References: 1

Cisco
added 2016/12/07 4:0 p.m. | 16 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to insufficient input validation of some parameters that ar...

CVSS 4.3 | AI score 6.1 | EPSS 0.01799
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5224