5224 matches found

Cisco
added 2016/03/30 4:0 p.m. | 30 views

Cisco Firepower Malware Block Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. A...

5 CVSS | 7.6 AI score | 0.01399 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/28 7:0 p.m. | 31 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...

4 CVSS | 6 AI score | 0.00792 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 9:31 p.m. | 40 views

Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite system files and cause a denial of service (DoS) condition. The vulnerability is due to improper setting of permissions on the filesystem f...

6.8 CVSS | 6.5 AI score | 0.0138 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 6:30 p.m. | 32 views

Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to...

7.8 CVSS | 7.6 AI score | 0.03323 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 4:0 p.m. | 45 views

Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker...

7.8 CVSS | 7.7 AI score | 0.01985 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 4:0 p.m. | 36 views

Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an...

7.8 CVSS | 7.7 AI score | 0.03717 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 4:0 p.m. | 50 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An...

7.1 CVSS | 6.4 AI score | 0.03045 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 4:0 p.m. | 41 views

Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) relay feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 relay messages. An attacker could exploit this...

7.1 CVSS | 7.7 AI score | 0.01948 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/23 4:0 p.m. | 25 views

Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability

A vulnerability in the Wide Area Application Services (WAAS) Express feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of TCP segments. An attacker could exploit this vulnerability...

7.8 CVSS | 7.7 AI score | 0.01485 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/11 2:49 p.m. | 44 views

Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability

A vulnerability in the ASIC UDP ingress receive function of Cisco Gigabit Switch Router (GSR) 12000 Series Routers could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when one line card in the router unexpectedly restarts. The vulnerability is due to...

4.6 CVSS | 5.2 AI score | 0.00746 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/10 8:0 a.m. | 25 views

Cisco Prime LAN Management Solution Default Decryption Key Vulnerability

A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks. The vulnerability is due to the presence of a default database decryption key that is share...

3 CVSS | 6.8 AI score | 0.00305 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/09 4:0 p.m. | 25 views

Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability

A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker...

10 CVSS | 9.9 AI score | 0.0685 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/09 4:0 p.m. | 57 views

Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due ...

7.8 CVSS | 7.5 AI score | 0.02868 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/09 4:0 p.m. | 27 views

Cisco Wireless Residential Gateway Information Disclosure Vulnerability

A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is caused by improper access restrictions implemented on the affected...

7.8 CVSS | 7.4 AI score | 0.03996 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/09 4:0 p.m. | 24 views

Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The...

7.8 CVSS | 7.5 AI score | 0.03035 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/09 2:0 p.m. | 34 views

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of specific incoming SIP...

6.8 CVSS | 6.4 AI score | 0.01631 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/03 12:0 a.m. | 72 views

Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability

A vulnerability in the web-based user interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to have read access to confidential information stored in the affected system. In addition, the attacker could cause a partial denial of service (DoS) condition due to...

5.5 CVSS | 6.1 AI score | 0.01293 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 4:0 p.m. | 33 views

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a...

7.8 CVSS | 7.6 AI score | 0.03944 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 4:0 p.m. | 19 views

Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP...

7.8 CVSS | 7.5 AI score | 0.02346 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 4:0 p.m. | 45 views

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability is due to a user accoun...

10 CVSS | 9.5 AI score | 0.03745 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 4:0 p.m. | 41 views

Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability

A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability...

7.8 CVSS | 5.4 AI score | 0.01739 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 3:0 p.m. | 24 views

Cisco Policy Suite Confidential Information Disclosure Vulnerability

A vulnerability in password management administration of the Cisco Policy Suite (CPS) application could allow an unauthenticated, remote attacker to gain read-only access to information that is confidential and should have restricted access. The vulnerability is due to the lack of a proper role-bas...

5 CVSS | 5.5 AI score | 0.01114 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 12:30 p.m. | 103 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016

On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the...

8 AI score
Exploits 0 | References 1
Cisco
added 2016/03/02 8:30 a.m. | 29 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could...

4.3 CVSS | 6.1 AI score | 0.00773 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 8:30 a.m. | 22 views

Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input...

4.3 CVSS | 6 AI score | 0.00765 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 8:0 a.m. | 29 views

Cisco FireSIGHT System Software Convert Timing Channel Vulnerability

A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. The vulnerability is due to implementation details of how...

4.3 CVSS | 4.7 AI score | 0.00831 EPSS
Exploits 0 | References 1
Cisco
added 2016/03/02 12:0 a.m. | 29 views

Cisco Prime Infrastructure Log File Remote Code Execution Vulnerability

A vulnerability in the log file handling for Cisco Prime Infrastructure could allow an authenticated, remote attacker to change and modify the system log file. The log file could have executable code added to it that could be executed when the log file is viewed. The vulnerability is due to lack ...

6.5 CVSS | 9 AI score | 0.02235 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/29 12:0 a.m. | 22 views

Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability

A vulnerability in TCP connection handling when TCP sessions are terminated via a TCP FIN packet for the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to...

5 CVSS | 5.2 AI score | 0.01739 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/24 9:0 p.m. | 34 views

Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page. The vulnerability is due to verbose output returned when HTML files are retrieved...

5 CVSS | 5.1 AI score | 0.01061 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/24 4:0 p.m. | 30 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface (CLI) command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...

8.5 CVSS | 9.1 AI score | 0.02801 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/23 12:0 a.m. | 29 views

Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability

A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...

6.9 CVSS | 9.4 AI score | 0.0108 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/18 11:20 p.m. | 25 views

Cisco ASR 5000 Series StarOS SSH Subsystem Privilege Escalation Vulnerability

A privilege escalation vulnerability in the SSH subsystem in Cisco ASR 5000 Series devices running StarOS could allow an authenticated, remote attacker to elevate privileges. The attacker would need to have a valid and configured SSH authorized key and access to the same device from which the...

7.1 CVSS | 7.8 AI score | 0.03379 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/18 8:22 p.m. | 63 views

Vulnerability in GNU glibc Affecting Cisco Products: February 2016

On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer...

8.1 CVSS | 7.8 AI score | 0.89557 EPSS
Exploits 17 | References 1
Cisco
added 2016/02/16 10:0 p.m. | 23 views

Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) BRIDGE Management Information Base (MIB) of the Cisco 1000 Series Connected Grid Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a faulty implementation of...

6.8 CVSS | 6.4 AI score | 0.01643 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/16 2:0 p.m. | 21 views

Cisco Small Business 500 Series Wireless Access Point Configuration Modification Vulnerability

A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system. The vulnerability is due to insufficient validation of user-controlled...

5 CVSS | 5.4 AI score | 0.01293 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/15 2:0 p.m. | 36 views

Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability

A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted CD...

6.1 CVSS | 6.4 AI score | 0.0073 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/15 12:0 a.m. | 22 views

Cisco Emergency Responder Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

4.3 CVSS | 6.2 AI score | 0.01009 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/12 8:50 p.m. | 28 views

Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability

A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server. The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to...

5 CVSS | 5.7 AI score | 0.00916 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/11 2:27 p.m. | 25 views

Cisco Advanced Malware Protection and Email Security Appliance Proxy Engine Security Bypass Vulnerability

A vulnerability in the proxy engine of the Cisco Advanced Malware Protection (AMP) and the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed file methods. An attacker could...

5 CVSS | 7.6 AI score | 0.01431 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/10 10:0 p.m. | 26 views

Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to make changes to an affected system. The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the...

5 CVSS | 7.6 AI score | 0.01256 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/10 10:0 p.m. | 24 views

Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to missing authorization checks on certain administrative pages. An...

5 CVSS | 5.4 AI score | 0.01265 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/10 10:0 p.m. | 23 views

Cisco Spark Representational State Transfer Interface Information Disclosure Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an authenticated, remote attacker to view sensitive information from the underlying operating system. The vulnerability is due to insufficient protections of sensitive data. An attacker could exploit...

4 CVSS | 4.4 AI score | 0.0085 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/10 4:0 p.m. | 56 views

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code...

10 CVSS | 9.9 AI score | 0.77462 EPSS
Exploits 4 | References 1
Cisco
added 2016/02/09 10:0 p.m. | 26 views

Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco Prime Collaboration server could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input...

4.3 CVSS | 6.5 AI score | 0.00358 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/08 9:18 p.m. | 21 views

Cisco Application Policy Infrastructure Controller Enterprise Module Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted conten...

4.3 CVSS | 6 AI score | 0.01009 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/08 9:0 p.m. | 25 views

Cisco Video Communications Server Information Disclosure Vulnerability

Cisco Video Communications Server (VCS), when utilized as part of a Jabber Guest deployment, contains an information disclosure vulnerability that could allow an unauthenticated, remote attacker to gain access to potentially sensitive information. The vulnerability exists due to a failure to...

5 CVSS | 5.3 AI score | 0.01459 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/08 2:0 p.m. | 24 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...

4 CVSS | 4.5 AI score | 0.01167 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/08 2:0 p.m. | 25 views

Cisco Unified Products Information Disclosure Vulnerability

A vulnerability in the key management feature of multiple Cisco Unified products could allow an unauthenticated, local attacker to read sensitive data. The vulnerability is due to an encryption key that can be read in plain text. An attacker could exploit this vulnerability by determining the key...

5 CVSS | 5 AI score | 0.00828 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/03 8:30 p.m. | 25 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing...

4.3 CVSS | 6 AI score | 0.01009 EPSS
Exploits 0 | References 1
Cisco
added 2016/02/03 8:15 p.m. | 28 views

Cisco Jabber Guest Server HTTP Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Jabber Guest application could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of the HTTP...

4.3 CVSS | 6.2 AI score | 0.01009 EPSS
Exploits 0 | References 1
Total number of security vulnerabilities: 5224