
5224 matches found

Cisco
added 2016/02/03 7:0 p.m. | 20 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL...

CVSS 4 | AI score 6.7 | EPSS 0.01405
Exploits 0 | References 1
Cisco
added 2016/02/03 4:0 p.m. | 26 views

Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability

A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system. The vulnerability exists because the password change request is not fully qualified. An...

CVSS 8.5 | AI score 8.8 | EPSS 0.02472
Exploits 0 | References 1
Cisco
added 2016/02/03 4:0 p.m. | 33 views

Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling...

CVSS 7.8 | AI score 7.5 | EPSS 0.01931
Exploits 0 | References 1
Cisco
added 2016/02/03 4:0 p.m. | 24 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC...

CVSS 8.5 | AI score 8.7 | EPSS 0.0216
Exploits 0 | References 1
Cisco
added 2016/02/02 8:43 p.m. | 75 views

Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

CVSS 4.3 | AI score 6.1 | EPSS 0.01009
Exploits 0 | References 1
Cisco
added 2016/02/02 5:32 p.m. | 32 views

Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications could allow an unauthenticated, remote attacker to log in to the device with a default account with a static password. This account provides...

CVSS 6.4 | AI score 5.6 | EPSS 0.01134
Exploits 0 | References 1
Cisco
added 2016/02/01 9:27 p.m. | 22 views

Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient sanitization of HTML entities returned to...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits 0 | References 1
Cisco
added 2016/02/01 10:0 a.m. | 31 views

Cisco Fog Director Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...

CVSS 4.3 | AI score 6.1 | EPSS 0.00773
Exploits 0 | References 1
Cisco
added 2016/01/29 4:0 p.m. | 90 views

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attac...

AI score 6.7
Exploits 0 | References 1
Cisco
added 2016/01/28 9:0 p.m. | 25 views

Cisco Small Business 500 Series Switches Denial of Service Vulnerability

A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...

CVSS 5.4 | AI score 7.5 | EPSS 0.01347
Exploits 0 | References 1
Cisco
added 2016/01/28 9:0 p.m. | 33 views

Cisco Unity Connection User Search Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system's web interface. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 6 | EPSS 0.01009
Exploits 0 | References 1
Cisco
added 2016/01/27 8:0 p.m. | 145 views

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised...

CVSS 5 | AI score 7.4 | EPSS 0.11887
Exploits 5 | References 1
Cisco
added 2016/01/27 5:21 p.m. | 30 views

Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection (UC) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by...

CVSS 4.3 | AI score 6 | EPSS 0.00773
Exploits 0 | References 1
Cisco
added 2016/01/27 4:0 p.m. | 46 views

Cisco RV220W Management Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. The vulnerability is due to insufficient input...

CVSS 10 | AI score 10 | EPSS 0.02689
Exploits 0 | References 1
Cisco
added 2016/01/27 4:0 p.m. | 27 views

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability

A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack, which could result in a complete denial of service (DoS) condition. The...

CVSS 7.8 | AI score 7.5 | EPSS 0.01931
Exploits 0 | References 1
Cisco
added 2016/01/27 9:30 a.m. | 34 views

Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability

A vulnerability in the GUI function in the web framework code of Cisco Small Business SG300 Managed Switches could allow an unauthenticated, remote attacker to cause the HTTPS process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to...

CVSS 5 | AI score 5.4 | EPSS 0.01256
Exploits 0 | References 1
Cisco
added 2016/01/25 2:0 p.m. | 30 views

Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) query process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient...

CVSS 4.3 | AI score 6.1 | EPSS 0.01009
Exploits 0 | References 1
Cisco
added 2016/01/25 12:0 a.m. | 33 views

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. This vulnerability applies to all Permane...

CVSS 4.3 | AI score 6 | EPSS 0.01122
Exploits 0 | References 1
Cisco
added 2016/01/20 4:0 p.m. | 54 views

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is...

CVSS 10 | AI score 9.8 | EPSS 0.08684
Exploits 2 | References 1
Cisco
added 2016/01/20 4:0 p.m. | 29 views

Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability

A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at...

CVSS 10 | AI score 9.5 | EPSS 0.0238
Exploits 0 | References 1
Cisco
added 2016/01/19 8:0 a.m. | 37 views

Cisco Web Security Appliance Security Bypass Vulnerability

A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an imprope...

CVSS 5 | AI score 7.6 | EPSS 0.02082
Exploits 0 | References 1
Cisco
added 2016/01/15 10:23 p.m. | 39 views

Cisco Adaptive Security Appliance Information Disclosure Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance. The vulnerability occurs because the Cisco ASA does not sufficiently protect...

CVSS 5 | AI score 5.3 | EPSS 0.01961
Exploits 0 | References 1
Cisco
added 2016/01/15 8:38 p.m. | 31 views

Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting vulnerability (XSS) in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform an XSS attack. The vulnerability is due to mishandling ...

CVSS 4.3 | AI score 6 | EPSS 0.01122
Exploits 0 | References 1
Cisco
added 2016/01/15 11:0 a.m. | 29 views

Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface. The vulnerabilities are due to improper...

CVSS 4.3 | AI score 6.2 | EPSS 0.01122
Exploits 0 | References 1
Cisco
added 2016/01/13 4:0 p.m. | 29 views

Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an...

CVSS 10 | AI score 9.4 | EPSS 0.02976
Exploits 0 | References 1
Cisco
added 2016/01/13 4:0 p.m. | 37 views

Cisco Identity Services Engine Unauthorized Access Vulnerability

Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. The vulnerability occurs because specific...

CVSS 6.3 | AI score 6.6 | EPSS 0.01455
Exploits 0 | References 1
Cisco
added 2016/01/13 4:0 p.m. | 27 views

Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability

A vulnerability in the IP ingress packet handler of Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to cause a complete denial of service (DoS) condition. The vulnerability is due to improper input validation of IP packet headers. An attacker could...

CVSS 7.8 | AI score 7.5 | EPSS 0.01931
Exploits 0 | References 1
Cisco
added 2016/01/13 4:0 p.m. | 24 views

Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability

A vulnerability in Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to log in to the device by using a default account that has a static password. By default, the account does not have full administrative privileges. The vulnerability is due to the...

CVSS 7.5 | AI score 7.5 | EPSS 0.01394
Exploits 0 | References 1
Cisco
added 2016/01/13 4:0 p.m. | 39 views

Cisco Identity Services Engine Unauthorized Access Vulnerability

A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. An attacker who can connect to the Admin portal of an affected device could potentially exploit thi...

CVSS 10 | AI score 9.7 | EPSS 0.0302
Exploits 0 | References 1
Cisco
added 2016/01/11 12:0 a.m. | 31 views

Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability

A vulnerability in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) Inspection feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to send traffic that is not DCERPC between hosts configured only for DCERPC inspection. The DCERPC...

CVSS 4.3 | AI score 4.7 | EPSS 0.01169
Exploits 0 | References 1
Cisco
added 2016/01/05 4:51 p.m. | 30 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a blind SQL injection attack on a specific page. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...

CVSS 4 | AI score 6.8 | EPSS 0.01208
Exploits 0 | References 1
Cisco
added 2016/01/05 7:30 a.m. | 43 views

Cisco Prime Infrastructure Frame Injection Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

CVSS 4.3 | AI score 5 | EPSS 0.00875
Exploits 0 | References 1
Cisco
added 2016/01/04 1:30 p.m. | 26 views

Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability

A vulnerability in Open Shortest Path First (OSPF) Link State Advertisement (LSA) handling by Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the number of OSPF Path Computation Elements (PCEs) that are...

CVSS 5 | AI score 7.5 | EPSS 0.01765
Exploits 0 | References 1
Cisco
added 2015/12/24 6:30 p.m. | 39 views

Cisco Jabber STARTTLS Downgrade Vulnerability

A vulnerability in the Cisco Jabber client could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack. The vulnerability exists because the client does not verify that an Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Lay...

CVSS 4.3 | AI score 5.6 | EPSS 0.01341
Exploits 0 | References 1
Cisco
added 2015/12/21 1:30 p.m. | 33 views

Cisco IOS XE Software Packet Processing Denial of Service Vulnerability

Cisco IOS XE Software Release 16.1.1 contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this...

CVSS 6.1 | AI score 6.4 | EPSS 0.00739
Exploits 0 | References 1
Cisco
added 2015/12/18 8:0 a.m. | 24 views

Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange IKEv1 state machine of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to tear down valid IPsec connections, resulting in a partial denial of service (DoS) condition. The vulnerability is due to insufficient condition...

CVSS 5 | AI score 6.3 | EPSS 0.01744
Exploits 0 | References 1
Cisco
added 2015/12/17 5:22 p.m. | 27 views

Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability

A vulnerability in the HTTP server on the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) could allow an unauthenticated, remote attacker to access sensitive information located on the device. The vulnerability is due to insufficient input...

CVSS 5 | AI score 6.3 | EPSS 0.02439
Exploits 0 | References 1
Cisco
added 2015/12/17 4:23 p.m. | 78 views

Cisco Prime Network Services Controller Arbitrary Command Execution Vulnerability

A vulnerability in the management of local commands of Cisco Prime Network Services Controller could allow an authenticated, local attacker to perform arbitrary command execution. The vulnerability is due to insufficient validation of local commands. An attacker could exploit this vulnerability b...

CVSS 6.8 | AI score 7.1 | EPSS 0.00373
Exploits 0 | References 1
Cisco
added 2015/12/17 9:30 a.m. | 27 views

Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability

A vulnerability in HTTP attack detection within decrypted SSL traffic of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to bypass HTTP attack detection. The traffic is SSL and the application is configured to decrypt the SSL connection and detect HTTP-based...

CVSS 5 | AI score 6.5 | EPSS 0.01733
Exploits 0 | References 1
Cisco
added 2015/12/16 3:50 p.m. | 21 views

Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability

A vulnerability in the boot process of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC system. An attacker could exploit...

CVSS 6.8 | AI score 6.4 | EPSS 0.00383
Exploits 0 | References 1
Cisco
added 2015/12/15 4:38 p.m. | 30 views

Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability

A vulnerability in the Identity Management subsystem used by the WebApplications of Cisco Unified Communications Manager (Cisco UCM) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to invalid session requests. An attacker...

CVSS 5 | AI score 6.7 | EPSS 0.02365
Exploits 0 | References 1
Cisco
added 2015/12/14 10:38 p.m. | 22 views

Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability

A vulnerability in the IPv6 neighbor discovery (ND) handling of Cisco IOS XE Software on ASR platforms could allow an unauthenticated, adjacent attacker to cause an affected device to crash. The vulnerability is due to insufficient bounds on internal tables. An attacker could exploit this...

CVSS 6.1 | AI score 6.6 | EPSS 0.00905
Exploits 0 | References 1
Cisco
added 2015/12/14 12:0 a.m. | 22 views

Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web management interface of Cisco Unified Communications Manager (UCM) versions 8.0 through 8.6 could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. The vulnerability is due to a...

CVSS 4 | AI score 5.4 | EPSS 0.01862
Exploits 0 | References 1
Cisco
added 2015/12/11 3:0 p.m. | 25 views

Cisco Integrated Management Controller Denial of Service Vulnerability

A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a...

CVSS 6.8 | AI score 6.6 | EPSS 0.02192
Exploits 0 | References 1
Cisco
added 2015/12/11 2:30 p.m. | 26 views

Cisco Unified Communications Domain Manager Denial of Service Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of malformed requests by the self-service application on an affected CUCDM device. An...

CVSS 4 | AI score 6.6 | EPSS 0.01871
Exploits 0 | References 1
Cisco
added 2015/12/11 12:0 a.m. | 22 views

Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability

A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to view sensitive information from the underlying operating system. The vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sendin...

CVSS 6.8 | AI score 6 | EPSS 0.0115
Exploits 0 | References 1
Cisco
added 2015/12/10 10:54 p.m. | 33 views

Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability

A vulnerability in the HTTPS session key exchange process of certain Cisco Small Business RV Series Routers and Cisco SA500 Series Security Appliances could allow an unauthenticated, remote attacker to obtain the key pair used in the Transport Layer Security (TLS) session from the affected device...

CVSS 4.3 | AI score 6.5 | EPSS 0.01836
Exploits 0 | References 1
Cisco
added 2015/12/10 10:40 p.m. | 25 views

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

CVSS 4 | AI score 6 | EPSS 0.00955
Exploits 0 | References 1
Cisco
added 2015/12/10 10:30 p.m. | 23 views

Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder Software could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to insufficient validation on the input fields of a web...

CVSS 4.3 | AI score 5.5 | EPSS 0.0095
Exploits 0 | References 1
Cisco
added 2015/12/10 8:30 a.m. | 25 views

Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS 4.3 | AI score 7 | EPSS 0.00981
Exploits 0 | References 1
Total number of security vulnerabilities: 5224