Cisco AsyncOS TCP Flood Denial of Service Vulnerability
A vulnerability in the network stack of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust all available memory, preventing the affected device from...
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper...
Cisco Mobility Services Engine Privilege Escalation Vulnerability
A vulnerability in the installation procedure of the Cisco Mobility Services Engine (MSE) appliance could allow an authenticated, local attacker to escalate to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the MSE physical or...
Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
A vulnerability in the proxy cache functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the device runs out of system memory. The vulnerability is due to improper memory operations by...
Cisco Mobility Services Engine Static Credential Vulnerability
A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an unauthenticated, remote attacker to log in to the MSE with the default oracle account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static...
Cisco Web Security Appliance Range Request Denial of Service Vulnerability
A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability is due to a...
Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. The vulnerability is due to improper input validati...
Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability
A vulnerability in the WeChat page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of the...
Cisco Unified Computing System Blade Server Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Unified Computing System (UCS) Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco FireSIGHT Management Center HTML Injection Vulnerability
A vulnerability in the web interface of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to modify a page of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker could exploit this vulnerability by injecting...
Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) input packet handler in the Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the BGP process restarts unexpectedly. The vulnerabili...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
Cisco Unified Communications Domain Manager URI Enumeration Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to map a file system structure. The vulnerability is due to different handling of existent and nonexistent paths. An attacker could exploit this vulnerability by enumerating all possible...
Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability
A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations. The vulnerability is due to insufficient...
Cisco Unified Border Element Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) functionality of Cisco Unified Border Element (CUBE) could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...
Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Secure Access Control Server SQL Injection Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to view system administrator reports and status. The vulnerability is due to improper RBAC validation when a user accesses the report...
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a...
Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a crafte...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a reques...
Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability
A vulnerability in the policy code of Cisco FireSIGHT Management Center for VMware could allow an authenticated, remote attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An...
Cisco ASR 5000 CDMA PMIPv6 Denial of Service Vulnerability
A vulnerability in the Proxy Mobile IPv6 (PMIPv6) protocol implementation of the Cisco Aggregation Services Router (ASR) ASR 5000 for Cisco Code Division Multiple Access (CDMA) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the...
Cisco Wireless LAN Controller Client Disconnection Vulnerability
A vulnerability in the Web Management GUI of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to trigger client disconnection. The vulnerability is due to a lack of access control to the Cisco WLC Web Management GUI. An attacker could exploit this vulnerabilit...
Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability
A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the vpnmgr process restarts. The vulnerability is...
Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys that local users add to their accounts. An attacker could exploi...
Cisco Prime Renegotiation Request Denial of Service Vulnerability
A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...
Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit thi...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to move arbitrary files with elevated privileges. The vulnerability is due to missing source path validation in certain IPC commands. An attacker could...
Cisco Prime Collaboration Assurance SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerabilit...
Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...
Cisco UCS B-Series Blade Servers Denial of Service Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) B-Series blade servers could allow an unauthenticated, local attacker to cause the host operating system or Baseboard Management Controller (BMC) to hang. The vulnerability is due to how the various components communicate across the Inter-IC (I2C)...
Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability
A vulnerability in the process management code of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker...
Cisco Aironet 1850 Access Point Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device. The vulnerability is due to a lack of proper escape protections when validating...
Cisco IOS Software RADIUS Client Denial of Service Vulnerability
A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this...
Cisco Unified Communications Manager IM and Presence Service REST API Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the Cisco Session Initiation Protocol (SIP) proxy...
Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability
Cisco Wireless LAN Controller (WLC) devices contain a denial of service vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly discard certain malformed values in an 802.11i management frame...
Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device. The vulnerability is due to improper handling of...
Cisco Email Security Appliance Max Files Denial of Service Vulnerability
A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to the affected device unexpectedly reloading. The vulnerability is due to failure to release file descriptors when th...
Cisco FirePOWER 7000 and Cisco FirePOWER 8000 Series Inspection Engine Stall Vulnerability
A vulnerability in FireSIGHT System Software for Cisco FirePOWER 7000 Series and Cisco FirePOWER 8000 Series devices could allow an unauthenticated, adjacent attacker to cause the inspection engine to stop processing packets. Depending on the affected system configuration, this may cause traffic...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these...
Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...
Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allo...