Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the...
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...
Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously used. The vulnerability is due to the use of a previously used packet...
Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious WRF file by using t...
Cisco Hosted Collaboration Mediation Fulfillment Authenticated Directory Traversal Vulnerability
A vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an authenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal. The vulnerability is due to a lack of proper input...
Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability
A vulnerability in the traffic stream metrics (TSM) implemented with the Inter-Access Point Protocol (IAPP) of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the process on the WLC unexpectedly restarts. The D...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Wireless Intrusion Prevention System (wIPS) implementation in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the wIPS process on the WLC unexpectedly restarts. The...
Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is du...
Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability
A vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to write arbitrary files to any file system location that the application server has permissions to access. The vulnerability is due to lack of prop...
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...
Cisco WebEx Meetings Player Denial of Service Vulnerability
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to cause WebEx Meetings Player to crash. The vulnerability is due to improper validation of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious fil...
Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability
A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due t...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to...
Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to cause the web-based management interface of an affected device to stop responding, resulting in a partial denial of service (DoS)...
Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to incomplete input...
Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certa...
Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected...
Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Smart Call Home Transport Gateway could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this...
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability
A vulnerability in the 802.11 wireless LAN protocol for Cisco Access Point (AP) platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to rate limiting of 802.11 traffic. An attacker could...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation for some of t...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability
A vulnerability in the Aggregated MAC Protocol Data Unit (AMPDU) implementation in Cisco Access Point (AP) platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the AMPDU packet header. An...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability
A vulnerability in command execution from the command-line interface (CLI) of Cisco Access Point (AP) platforms could allow an authenticated, local attacker to perform privilege escalation to root-level privileges. The vulnerability occurs because user input is not properly sanitized for certain...
Cisco Firepower Management Center Remote Command Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data. The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability to learn sensitive information about the application. Cisco has...
Cisco IP Phone 8800 Series Denial of Service Vulnerability
A vulnerability in the web server of the Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this...
Cisco Firepower Management Center Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to...
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerabilit...
Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in the User Data Services (UDS) Application Programming Interface (API) for Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view confidential information that should require authentication. The vulnerability is due to improper authentication...
Cisco Connected Streaming Analytics Unauthorized Access Vulnerability
A vulnerability in the administrative web interface of Cisco Connected Streaming Analytics could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the administrativ...
Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability
A vulnerability in the web application of the Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to perform a stored, cross-site scripting (XSS) attack. The vulnerability is due to insufficient sanitization of parameter values. An attacker could exploit this vulnerability by...
Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plan...
Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks ...
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to a...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to the failure to properly sanitize user input passed to the...
Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
A vulnerability in Session Initiation Protocol (SIP) processing functions of the Cisco Unified Communications Manager Instant Messaging (IM) and Presence Service could allow an unauthenticated, remote attacker to cause the Cisco SIP Proxy Daemon (sipd) process to restart unexpectedly, resulting in a...
Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed ...
Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device...
Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal. The vulnerability...
Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. A...
Cisco Wireless LAN Controller Denial of Service Vulnerability
A vulnerability in wireless frame management service of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient handling of wireless management frames. An...
Cisco Videoscape Session Resource Manager Denial of Service Vulnerability
A vulnerability in system resource management in the Cisco Videoscape Session Resource Manager (VSRM) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition because the device unexpectedly restarts. The vulnerability occurs because the VSRM is not installed usi...
Cisco Prime Service Catalog Reflected Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of the Cisco Prime Service Catalog (PSC) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition. The...
Cisco Email Security Appliance File Type Filtering Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA to fail to detect and act upon a specific type of file that is attached to an email message. The vulnerability is due to...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...
Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary...
Cisco Unified Computing System Performance Manager Input Validation Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An...