
5224 matches found

Cisco, added 2016/10/12 4:00 p.m., 41 views

Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability

The Cisco Unified Communications Manager CUCM may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. Protection mechanisms should be used to prevent this type of attack. The vulnerability is due to a lack of proper...

CVSS 4.3, AI score 6.3, EPSS 0.01052, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 28 views

Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability

A vulnerability in the ternary content addressable memory TCAM share access control list ACL functionality of Cisco IOS Software running on Supervisor Engine 720 and Supervisor Engine 32 Modules for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers could allow an unauthenticated,...

CVSS 4.3, AI score 7.7, EPSS 0.015, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 21 views

Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability

A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could...

CVSS 7.8, AI score 7.5, EPSS 0.01914, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 39 views

Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability

A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting AAA restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affect...

CVSS 9, AI score 7.9, EPSS 0.01959, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 31 views

Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 IKEv2 code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper handling of crafted IKEv2 packets. The vulnerability applies only to IKEv2 devic...

CVSS 6.3, AI score 6.7, EPSS 0.01221, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 24 views

Cisco ASA Software DHCP Relay Denial of Service Vulnerability

A vulnerability in the DHCP Relay feature of Cisco ASA Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition by causing an interface wedge. The vulnerability is due to improper handling of resources linked with the DHCP Relay feature. An attacker...

CVSS 6.1, AI score 6.5, EPSS 0.00882, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 28 views

Cisco Host Scan Package Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of a Cisco Adaptive Security Appliance ASA Web VPN deployment. The vulnerability is due to insufficient input validation of a user-supplied...

CVSS 4.3, AI score 6.2, EPSS 0.00765, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 22 views

Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability

A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of crafted DHCPv4 offer...

CVSS 7.8, AI score 7.5, EPSS 0.01914, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 29 views

Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability

A vulnerability in the jspringsecurityswitchuser function of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain...

CVSS 4.3, AI score 7.6, EPSS 0.01301, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 30 views

Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface CLI of IOS-XR series software could allow an authenticated, local attacker to execute arbitrary code on a targeted system at the root privilege level. The vulnerability is due to incorrect permissions given to a set of users. An attacker could exploit...

CVSS 6.8, AI score 7.9, EPSS 0.0036, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 30 views

Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...

CVSS 4.3, AI score 6.1, EPSS 0.01009, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 34 views

Cisco Firepower Management Center Console Authentication Bypass Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, local attacker to bypass authentication and access sensitive information. The vulnerability is due to the use of static credentials by the database on an affected system. An authenticated user wh...

CVSS 4.3, AI score 7.5, EPSS 0.00983, Exploits 4, References 1

Cisco, added 2016/10/05 4:00 p.m., 20 views

Cisco Nexus 9000 Information Disclosure Vulnerability

A vulnerability in the internal iptables configuration for local interfaces on the Cisco Nexus 9000 Series Switch could allow an unauthenticated, remote attacker to access certain sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerabili...

CVSS 5, AI score 7.5, EPSS 0.02359, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 24 views

Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

CVSS 4.3, AI score 8.9, EPSS 0.00629, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 64 views

Cisco Firepower Threat Management Console Remote Command Execution Vulnerability

A vulnerability in Cisco Firepower Threat Management Console could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability exists because parameters sent to the web application are not properly validated. This may lead an authenticated web use...

CVSS 6.8, AI score 8.9, EPSS 0.7575, Exploits 8, References 1

Cisco, added 2016/10/05 4:00 p.m., 37 views

Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP...

CVSS 7.1, AI score 6.6, EPSS 0.01877, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 62 views

Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability

A vulnerability in the Overlay Transport Virtualization OTV generic routing encapsulation GRE implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code. The vulnerability i...

CVSS 10, AI score 9.9, EPSS 0.0807, Exploits 0, References 1

Cisco, added 2016/10/05 4:00 p.m., 30 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters that are sent to the web console of an affected system. The vulnerability could allo...

CVSS 4, AI score 6.2, EPSS 0.36617, Exploits 5, References 1

Cisco, added 2016/09/28 4:00 p.m., 29 views

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition on an affected device. The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message...

CVSS 7.8, AI score 7.2, EPSS 0.04188, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 24 views

Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability

A vulnerability in the IPv4 fragment reassembly function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to the corruption of an internal data structure that occurs when the affected software reassembles an...

CVSS 7.8, AI score 7.9, EPSS 0.02868, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 31 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 1 IKEv1 fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...

CVSS 7.1, AI score 7.8, EPSS 0.03213, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 27 views

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability

A cross-site request forgery CSRF vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could...

CVSS 4.3, AI score 9.1, EPSS 0.00629, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 44 views

Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. The vulnerability is due to a fla...

CVSS 8.3, AI score 8.1, EPSS 0.03011, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 31 views

Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service DoS condition on an affected device. The vulnerability is due to incorrect handling of image list...

CVSS 7.8, AI score 7.8, EPSS 0.03283, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 62 views

Cisco Firepower Management Center SQL Injection Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device. The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQ...

CVSS 6, AI score 7.8, EPSS 0.01282, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 24 views

Cisco Videoscape Distribution Suite Service Manager Reflective Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Videoscape Distribution Suite Service Manager VDS-SM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

CVSS 4.3, AI score 6.1, EPSS 0.00853, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 25 views

Cisco Firepower Management Center Privilege Escalation Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow authenticated, remote attackers to elevate privileges to access data outside their roles. The vulnerability is due to improper authorization checks for authenticated users of the system. An attacker could...

CVSS 6.8, AI score 6.3, EPSS 0.01837, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 24 views

Cisco IOS XE Software NAT Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation NAT functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. ...

CVSS 7.8, AI score 7.8, EPSS 0.01939, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 64 views

Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The issues are in IPv4 Multicast Source Discovery Protocol MSDP and IPv6 Protocol Independent Multicast PIM. The first...

CVSS 7.8, AI score 7.7, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 30 views

Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability

A vulnerability in the local File Transfer Protocol FTP service on the Cisco AsyncOS for Email Security Appliance ESA, Web Security Appliance WSA, and Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The...

CVSS 4.3, AI score 5.8, EPSS 0.0202, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 110 views

Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting AAA service for remote Secure Shell Host SSH connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an...

CVSS 7.1, AI score 8, EPSS 0.04603, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 43 views

Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability

A vulnerability in the IP Detail Record IPDR code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of IPDR packets. An attacker could exploit this vulnerability by sending crafted...

CVSS 7.8, AI score 7.8, EPSS 0.02868, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 23 views

Cisco IOS XR Software Open Shortest Path First Link State Advertisement Denial of Service Vulnerability

A vulnerability in the implementation of Open Shortest Path First OSPF Link State Advertisement LSA functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a memory error in OSPF. An attacker...

CVSS 5, AI score 5.4, EPSS 0.01599, Exploits 0, References 1

Cisco, added 2016/09/28 4:00 p.m., 33 views

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

A vulnerability in the Common Industrial Protocol CIP feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. ...

CVSS 7.8, AI score 7.7, EPSS 0.01939, Exploits 0, References 1

Cisco, added 2016/09/27 10:40 p.m., 272 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.” Subsequently, on...

CVSS 7.5, AI score 7.5, EPSS 0.95707, Exploits 7, References 1

Cisco, added 2016/09/22 4:00 p.m., 53 views

Cisco Email Security Appliance Internal Testing Interface Vulnerability

A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface intended for use during...

CVSS 10, AI score 9.5, EPSS 0.03574, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 22 views

Cisco Application-Hosting Framework HTTP Header Injection Vulnerability

A vulnerability in the Cisco Application-hosting Framework CAF component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 6.5, EPSS 0.01105, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 17 views

Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

A vulnerability in the web interface of Cisco Cloud Services Platform CSP 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request...

CVSS 7.5, AI score 9.8, EPSS 0.03687, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 26 views

Cisco Cloud Services Platform 2100 Command Injection Vulnerability

A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplie...

CVSS 9, AI score 7.6, EPSS 0.02414, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 22 views

Cisco IOS and IOS XE iox Command Injection Vulnerability

A vulnerability exists in the iox command in Cisco IOS and IOS XE Software that could allow an authenticated, local attacker to perform command injection into the IOx Linux guest operating system GOS. This vulnerability is due to insufficient input validation of iox command line arguments. An...

CVSS 6.8, AI score 7.9, EPSS 0.00421, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 24 views

Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability

A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller APIC devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to incorrect installation and permissions settings for binary files when installin...

CVSS 6.8, AI score 7.8, EPSS 0.00327, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 18 views

Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Prime Home could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity XXE when parsing an XML file. A...

CVSS 4.3, AI score 7.3, EPSS 0.01379, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 28 views

Cisco Firepower Management Center and FireSIGHT System Software SSLIinspection Bypass Vulnerability

A vulnerability in SSL inspection for Cisco Firepower Management Center and Cisco FireSIGHT System software could allow an unauthenticated, remote attacker to bypass configured do-not-decrypt rules in the SSL policy rule set. The vulnerability is due to lack of verification of the user input...

CVSS 5, AI score 7.5, EPSS 0.00749, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 20 views

Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability

A vulnerability in the Cisco application-hosting framework CAF for Cisco IOS and IOS XE Software with the IOx feature set could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework...

CVSS 6.8, AI score 6.4, EPSS 0.014, Exploits 0, References 1

Cisco, added 2016/09/21 4:00 p.m., 19 views

Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability

A vulnerability in the Cisco Data in Motion DMo component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a partial denial of service DoS condition for the DMo process on a targeted system. The vulnerability is due to insufficien...

CVSS 4.3, AI score 7.4, EPSS 0.01603, Exploits 0, References 1

Cisco, added 2016/09/16 4:00 p.m., 82 views

IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

A vulnerability in Internet Key Exchange version 1 IKEv1 packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...

CVSS 7.8, AI score 7.4, EPSS 0.87687, Exploits 7, References 1

Cisco, added 2016/09/14 4:00 p.m., 22 views

Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability

A vulnerability in the Data in Motion DMo application in Cisco IOS and IOS XE software with the IOx feature set could allow an unauthenticated, remote attacker to cause a denial of service DoS condition in the DMo process. The vulnerability is due to insufficient input validation by the affect...

CVSS 4.3, AI score 5.8, EPSS 0.01604, Exploits 0, References 1

Cisco, added 2016/09/14 4:00 p.m., 30 views

Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability

A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition due to link saturation. The vulnerability is due to how HTTP data ranges are downloaded from the destinatio...

CVSS 5, AI score 7.6, EPSS 0.02475, Exploits 0, References 1

Cisco, added 2016/09/14 4:00 p.m., 27 views

Cisco Carrier Routing System IPv6 Denial of Service Vulnerability

A vulnerability in IPv6 over MPLS packet processing of Cisco IOS XR for Cisco Carrier Routing System CRS platforms could allow an unauthenticated, adjacent attacker to cause a reload of the affected line card. The vulnerability is due to insufficient logic in processing of crafted IPv6 over MPLS...

CVSS 5.7, AI score 5.2, EPSS 0.00801, Exploits 0, References 1

Cisco, added 2016/09/14 4:00 p.m., 19 views

Cisco WebEx Meetings Server Denial of Service Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper validation of user accounts by specific services. An unauthenticated, remote attacker could exploit...

CVSS 7.8, AI score 7.6, EPSS 0.01939, Exploits 0, References 1

Total number of security vulnerabilities: 5224