
5218 matches found

Cisco
added 2016/03/23 4:0 p.m., 35 views

Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

A vulnerability in the Locator/ID Separation Protocol (LISP) of Cisco IOS Software running on the Cisco Catalyst 6500 and 6800 Series Switches and Cisco NX-OS Software running on the Cisco Nexus 7000 and Nexus 7700 Series Switches with an M1 Series Gigabit Ethernet Module could allow an...

CVSS 7.8, AI score 7.7, EPSS 0.01833
Exploits: 0, References: 1

Cisco
added 2016/03/23 4:0 p.m., 44 views

Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker...

CVSS 7.8, AI score 7.7, EPSS 0.00705
Exploits: 0, References: 1

Cisco
added 2016/03/23 4:0 p.m., 49 views

Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. An...

CVSS 7.1, AI score 6.4, EPSS 0.02844
Exploits: 0, References: 1

Cisco
added 2016/03/11 2:49 p.m., 43 views

Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability

A vulnerability in the ASIC UDP ingress receive function of Cisco Gigabit Switch Router (GSR) 12000 Series Routers could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when one line card in the router unexpectedly restarts. The vulnerability is due to...

CVSS 4.6, AI score 5.2, EPSS 0.00101
Exploits: 0, References: 1

Cisco
added 2016/03/10 8:0 a.m., 25 views

Cisco Prime LAN Management Solution Default Decryption Key Vulnerability

A vulnerability in Cisco Prime LAN Management Solution (LMS) could allow an authenticated, local attacker to decrypt and access data fields in LMS databases that are used to manage devices in Cisco networks. The vulnerability is due to the presence of a default database decryption key that is share...

CVSS 3, AI score 6.8, EPSS 0.0006
Exploits: 0, References: 1

Cisco
added 2016/03/09 4:0 p.m., 49 views

Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due ...

CVSS 7.8, AI score 7.5, EPSS 0.00743
Exploits: 0, References: 1

Cisco
added 2016/03/09 4:0 p.m., 25 views

Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability

A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to improper input validation for HTTP requests. An attacker...

CVSS 10, AI score 9.9, EPSS 0.03575
Exploits: 0, References: 1

Cisco
added 2016/03/09 4:0 p.m., 23 views

Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability

A vulnerability in the web-based administration interface of Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA could allow an unauthenticated, remote attacker to cause the device to become unresponsive and restart, creating a denial of service (DoS) condition. The...

CVSS 7.8, AI score 7.5, EPSS 0.00315
Exploits: 0, References: 1

Cisco
added 2016/03/09 4:0 p.m., 27 views

Cisco Wireless Residential Gateway Information Disclosure Vulnerability

A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is caused by improper access restrictions implemented on the affected...

CVSS 7.8, AI score 7.4, EPSS 0.00183
Exploits: 0, References: 1

Cisco
added 2016/03/09 2:0 p.m., 32 views

Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) message handling process of Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of specific incoming SIP...

CVSS 6.8, AI score 6.4, EPSS 0.00454
Exploits: 0, References: 1

Cisco
added 2016/03/03 12:0 a.m., 72 views

Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability

A vulnerability in the web-based user interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to have read access to confidential information stored in the affected system. In addition, the attacker could cause a partial denial of service (DoS) condition due to...

CVSS 5.5, AI score 6.1, EPSS 0.00486
Exploits: 0, References: 1

Cisco
added 2016/03/02 4:0 p.m., 18 views

Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP...

CVSS 7.8, AI score 7.5, EPSS 0.0037
Exploits: 0, References: 1

Cisco
added 2016/03/02 4:0 p.m., 40 views

Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability

A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability...

CVSS 7.8, AI score 5.4, EPSS 0.00445
Exploits: 0, References: 1

Cisco
added 2016/03/02 4:0 p.m., 45 views

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability is due to a user accoun...

CVSS 10, AI score 9.5, EPSS 0.02068
Exploits: 0, References: 1

Cisco
added 2016/03/02 4:0 p.m., 31 views

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a...

CVSS 7.8, AI score 7.6, EPSS 0.05955
Exploits: 0, References: 1

Cisco
added 2016/03/02 3:0 p.m., 23 views

Cisco Policy Suite Confidential Information Disclosure Vulnerability

A vulnerability in password management administration of the Cisco Policy Suite (CPS) application could allow an unauthenticated, remote attacker to gain read-only access to information that is confidential and should have restricted access. The vulnerability is due to the lack of a proper role-bas...

CVSS 5, AI score 5.5, EPSS 0.00169
Exploits: 0, References: 1

Cisco
added 2016/03/02 12:30 p.m., 101 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016

On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the...

AI score 8
Exploits: 0, References: 1

Cisco
added 2016/03/02 8:30 a.m., 29 views

Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could...

CVSS 4.3, AI score 6.1, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/03/02 8:30 a.m., 22 views

Cisco FireSIGHT System Software Device Management UI Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 6, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/03/02 8:0 a.m., 28 views

Cisco FireSIGHT System Software Convert Timing Channel Vulnerability

A vulnerability in credential authentication for valid and invalid username-password pairs for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to determine a list of valid usernames for an affected device. The vulnerability is due to implementation details of how...

CVSS 4.3, AI score 4.7, EPSS 0.00236
Exploits: 0, References: 1

Cisco
added 2016/03/02 12:0 a.m., 27 views

Cisco Prime Infrastructure Log File Remote Code Execution Vulnerability

A vulnerability in the log file handling for Cisco Prime Infrastructure could allow an authenticated, remote attacker to change and modify the system log file. The log file could have executable code added to it that could be executed when the log file is viewed. The vulnerability is due to lack ...

CVSS 6.5, AI score 9, EPSS 0.00508
Exploits: 0, References: 1

Cisco
added 2016/02/29 12:0 a.m., 21 views

Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability

A vulnerability in TCP connection handling when TCP sessions are terminated via a TCP FIN packet for the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to...

CVSS 5, AI score 5.2, EPSS 0.00484
Exploits: 0, References: 1

Cisco
added 2016/02/24 9:0 p.m., 33 views

Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page. The vulnerability is due to verbose output returned when HTML files are retrieved...

CVSS 5, AI score 5.1, EPSS 0.00495
Exploits: 0, References: 1

Cisco
added 2016/02/24 4:0 p.m., 30 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface (CLI) command on the ACE with admin user privileges. The vulnerability is due to insufficient validation of user-supplied...

CVSS 8.5, AI score 9.1, EPSS 0.00611
Exploits: 0, References: 1

Cisco
added 2016/02/23 12:0 a.m., 28 views

Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability

A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...

CVSS 6.9, AI score 9.4, EPSS 0.00277
Exploits: 0, References: 1

Cisco
added 2016/02/18 11:20 p.m., 23 views

Cisco ASR 5000 Series StarOS SSH Subsystem Privilege Escalation Vulnerability

A privilege escalation vulnerability in the SSH subsystem in Cisco ASR 5000 Series devices running StarOS could allow an authenticated, remote attacker to elevate privileges. The attacker would need to have a valid and configured SSH authorized key and access to the same device from which the...

CVSS 7.1, AI score 7.8, EPSS 0.02914
Exploits: 0, References: 1

Cisco
added 2016/02/18 8:22 p.m., 63 views

Vulnerability in GNU glibc Affecting Cisco Products: February 2016

On February 16, 2016, an industry-wide, critical vulnerability in the GNU C library (glibc) was publicly disclosed. Multiple Cisco products incorporate a version of glibc that may be affected by the vulnerability. The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer...

CVSS 8.1, AI score 7.8, EPSS 0.93905
Exploits: 17, References: 1

Cisco
added 2016/02/16 10:0 p.m., 22 views

Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) BRIDGE Management Information Base (MIB) of the Cisco 1000 Series Connected Grid Routers could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a faulty implementation of...

CVSS 6.8, AI score 6.4, EPSS 0.00454
Exploits: 0, References: 1

Cisco
added 2016/02/16 2:0 p.m., 21 views

Cisco Small Business 500 Series Wireless Access Point Configuration Modification Vulnerability

A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system. The vulnerability is due to insufficient validation of user-controlled...

CVSS 5, AI score 5.4, EPSS 0.00235
Exploits: 0, References: 1

Cisco
added 2016/02/15 2:0 p.m., 35 views

Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability

A vulnerability in the processing of Cisco Discovery Protocol (CDP) packets by Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to improper processing of crafted CD...

CVSS 6.1, AI score 6.4, EPSS 0.00259
Exploits: 0, References: 1

Cisco
added 2016/02/15 12:0 a.m., 21 views

Cisco Emergency Responder Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.3, AI score 6.2, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/02/12 8:50 p.m., 28 views

Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability

A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server. The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to...

CVSS 5, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 1

Cisco
added 2016/02/11 2:27 p.m., 24 views

Cisco Advanced Malware Protection and Email Security Appliance Proxy Engine Security Bypass Vulnerability

A vulnerability in the proxy engine of the Cisco Advanced Malware Protection (AMP) and the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed file methods. An attacker could...

CVSS 5, AI score 7.6, EPSS 0.00358
Exploits: 0, References: 1

Cisco
added 2016/02/10 10:0 p.m., 24 views

Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to make changes to an affected system. The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the...

CVSS 5, AI score 7.6, EPSS 0.00383
Exploits: 0, References: 1

Cisco
added 2016/02/10 10:0 p.m., 22 views

Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to missing authorization checks on certain administrative pages. An...

CVSS 5, AI score 5.4, EPSS 0.00484
Exploits: 0, References: 1

Cisco
added 2016/02/10 10:0 p.m., 21 views

Cisco Spark Representational State Transfer Interface Information Disclosure Vulnerability

A vulnerability in the Representational State Transfer (REST) interface of Cisco Spark could allow an authenticated, remote attacker to view sensitive information from the underlying operating system. The vulnerability is due to insufficient protections of sensitive data. An attacker could exploit...

CVSS 4, AI score 4.4, EPSS 0.00172
Exploits: 0, References: 1

Cisco
added 2016/02/10 4:0 p.m., 55 views

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code...

CVSS 10, AI score 9.9, EPSS 0.89776
Exploits: 4, References: 1

Cisco
added 2016/02/09 10:0 p.m., 25 views

Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco Prime Collaboration server could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input...

CVSS 4.3, AI score 6.5, EPSS 0.00189
Exploits: 0, References: 1

Cisco
added 2016/02/08 9:18 p.m., 21 views

Cisco Application Policy Infrastructure Controller Enterprise Module Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted conten...

CVSS 4.3, AI score 6, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/02/08 9:0 p.m., 20 views

Cisco Video Communications Server Information Disclosure Vulnerability

Cisco Video Communications Server (VCS), when utilized as part of a Jabber Guest deployment, contains an information disclosure vulnerability that could allow an unauthenticated, remote attacker to gain access to potentially sensitive information. The vulnerability exists due to a failure to...

CVSS 5, AI score 5.3, EPSS 0.0023
Exploits: 0, References: 1

Cisco
added 2016/02/08 2:0 p.m., 23 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...

CVSS 4, AI score 4.5, EPSS 0.00172
Exploits: 0, References: 1

Cisco
added 2016/02/08 2:0 p.m., 24 views

Cisco Unified Products Information Disclosure Vulnerability

A vulnerability in the key management feature of multiple Cisco Unified products could allow an unauthenticated, local attacker to read sensitive data. The vulnerability is due to an encryption key that can be read in plain text. An attacker could exploit this vulnerability by determining the key...

CVSS 5, AI score 5, EPSS 0.00162
Exploits: 0, References: 1

Cisco
added 2016/02/03 8:30 p.m., 25 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by convincing...

CVSS 4.3, AI score 6, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/02/03 8:15 p.m., 27 views

Cisco Jabber Guest Server HTTP Web-Based Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Jabber Guest application could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of the HTTP...

CVSS 4.3, AI score 6.2, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/02/03 7:0 p.m., 18 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL...

CVSS 4, AI score 6.7, EPSS 0.00183
Exploits: 0, References: 1

Cisco
added 2016/02/03 4:0 p.m., 23 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC...

CVSS 8.5, AI score 8.7, EPSS 0.00225
Exploits: 0, References: 1

Cisco
added 2016/02/03 4:0 p.m., 33 views

Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling...

CVSS 7.8, AI score 7.5, EPSS 0.00607
Exploits: 0, References: 1

Cisco
added 2016/02/03 4:0 p.m., 25 views

Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability

A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system. The vulnerability exists because the password change request is not fully qualified. An...

CVSS 8.5, AI score 8.8, EPSS 0.00275
Exploits: 0, References: 1

Cisco
added 2016/02/02 8:43 p.m., 74 views

Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.3, AI score 6.1, EPSS 0.0025
Exploits: 0, References: 1

Cisco
added 2016/02/02 5:32 p.m., 31 views

Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications could allow an unauthenticated, remote attacker to log in to the device with a default account with a static password. This account provides...

CVSS 6.4, AI score 5.6, EPSS 0.00156
Exploits: 0, References: 1

Total number of security vulnerabilities: 5218