Cisco IOS and IOS XE Software Border Gateway Protocol Message Processing Denial of Service Vulnerability
A vulnerability in Border Gateway Protocol (BGP) message processing functions of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted BGP attributes. An attacker could exploit th...
Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web bridge that offers video via a web interface of Cisco Meeting Server Software, formerly Acano Conferencing Server, could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web interface of an affected...
Cisco WebEx Meetings Server Administrator Interface Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could...
Cisco WebEx Meetings Server Administrator Interface SQL Injection Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this...
Cisco WebEx Meetings Server Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability b...
Cisco WebEx Meetings Server Command Injection Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability occurs due to the expectation of a certain file type during an upload. An attacker could exploit this vulnerability by using crafted command...
Cisco IOS XR Software Command Injection Vulnerability
A vulnerability in the command-line utility of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability
A vulnerability in SNMP configuration management in the Cisco ASR 5000 Series could allow an unauthenticated, remote attacker to read and modify the device configuration using an SNMP read-write community string. The vulnerability occurs because the configured SNMP community string is not...
Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the...
Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software implementation of access control list (ACL) permit and deny filters for ICMP echo reply messages could allow an unauthenticated, remote attacker to bypass ACL configurations for an affected device. ICMP traffic that should be...
Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability
A vulnerability in the virtual network stack of the Cisco AMP Threat Grid Appliance could allow an unauthenticated, remote attacker to access internal interfaces within the appliance. The vulnerability is due to insufficient isolation between the sandbox and other internal components. An attacker...
Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability
A vulnerability in the administrative web interface of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the system. The vulnerability is due to improper user input validation. An attacker...
Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability
A vulnerability in certificate management and validation for the Mobile and Remote Access (MRA) feature for Cisco Expressway Series and TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to bypass authentication and access internal HTTP system resources. The...
Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability
A vulnerability in Cisco Configuration Assistant (CCA) could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication. The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP...
Cisco Firepower System Software Static Credential Vulnerability
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This...
Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user. The prime web user does not have the full privileges of root...
Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
A vulnerability in the native pass-through FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization. The vulnerability is due to how the FTP client terminates the FTP...
Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability
A vulnerability in the Message Filter and Content Filter of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to improper handling of content in .zip files. An attacker could...
Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Contact Center Enterprise Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...
Cisco Prime Collaboration Deployment SQL Injection Vulnerability
A vulnerability in the interface of the Cisco Prime Collaboration Deployment SQL database could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation for user-supplied input in...
Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability
A vulnerability in the implementation of General Packet Radio Switching Tunneling Protocol Version 1 (GTPv1) in Cisco ASR 5000 Series Packet Data Network Gateways could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to an unexpected restart of the Session...
Cisco IOS and Cisco IOS XE Software TCP Denial of Service Vulnerability
A vulnerability in the handling of remote TCP connections in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory. The vulnerability is due to the handling of out-of-order, or otherwise invalid, TC...
Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco IOS XE software could allow an authenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to an attempt to double free a region of memory when processing a series of SNMP read requests that contains certain...
Cisco 8800 Series IP Phone Directory Traversal Vulnerability
A vulnerability in the license upload interface of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to delete arbitrary files from the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading invalid...
Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...
Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software running on Cisco cBR-8 Series Converged Broadband Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists because the affected...
Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an affected device. The vulnerability is due to insufficient filtering of output data. An attacker could exploit this...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause the crash of an affected device. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) packet processing code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to improper handling of crafted LLDP packets. An attacker could exploit this...
Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability
A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability ...
Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is d...
Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...
Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a...
Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of...
Cisco IP Phones Web Application Buffer Overflow Vulnerability
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails t...
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability
A vulnerability exists in Cisco Access Point (AP) platforms when processing Address Resolution Protocol (ARP) packets that could allow an unauthenticated, adjacent attacker to inject crafted entries into the ARP table and eventually cause a reload of the affected device. The vulnerability is due to...
Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability
A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to the use of incorrect installation and permissions settings for binary files...
Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability
A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised ...
Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability
A vulnerability in a command-line interface (CLI) utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow an authenticated, remote attacker to execute arbitrary commands or code on the host operating system with the privileges of the web server. The...
Cisco Prime Network Analysis Module Local Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow a local, authenticated attacker to execute arbitrary commands on the host operating system with elevated privileges. The vulnerability is d...
Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
A vulnerability in the IPv6 packet decode function of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an improper calculation of the IPv6 payload length of certain IPv6 packets. An...
Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly...
Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability
A vulnerability in the Clam AntiVirus (ClamAV) software that is used by Cisco Advance Malware Protection (AMP) for Cisco Email Security Appliances (ESAs) and Cisco Web Security Appliances (WSAs) could allow an unauthenticated, remote attacker to cause the AMP process to restart. The vulnerability is due ...
Cisco Firepower Management Center Web Interface Code Injection Vulnerability
A vulnerability in the web interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to modify a page in the web interface. The vulnerability is due to improper sanitization of some parameter values. An attacker could exploit this vulnerability by injecting...
Cisco WebEx Meeting Center Improved Logging Capabilities
Cisco WebEx Meeting Center user accounts are subject to enumeration via Personal Meeting Rooms (PMRs). This advisory documents that an administrative update has been made to improve the logging of connections to the PMRs. This advisory is available at the following link:...