Cisco AsyncOS TCP Flood Denial of Service Vulnerability
A vulnerability in the network stack of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust all available memory, preventing the affected device from...
Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability
A vulnerability in the WeChat page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of the...
Cisco Unified Computing System Blade Server Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Unified Computing System (UCS) Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...
Cisco FireSIGHT Management Center HTML Injection Vulnerability
A vulnerability in the web interface of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to modify a page of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker could exploit this vulnerability by injecting...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) input packet handler in the Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the BGP process restarts unexpectedly. The vulnerabili...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
Cisco Unified Communications Domain Manager URI Enumeration Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to map a file system structure. The vulnerability is due to different handling of existent and nonexistent paths. An attacker could exploit this vulnerability by enumerating all possible...
Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability
A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations. The vulnerability is due to insufficient...
Cisco Unified Border Element Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) functionality of Cisco Unified Border Element (CUBE) could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to incorrect processing of SIP messages. An attacker could exploit this...
Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to view system administrator reports and status. The vulnerability is due to improper RBAC validation when a user accesses the report...
Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Secure Access Control Server SQL Injection Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a...
Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a reques...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a crafte...
Cisco FireSIGHT Management Center Policy Code for VMware Privilege Escalation Vulnerability
A vulnerability in the policy code of Cisco FireSIGHT Management Center for VMware could allow an authenticated, remote attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An...
Cisco ASR 5000 CDMA PMIpv6 Denial of Service Vulnerability
A vulnerability in the Proxy Mobile IPv6 (PMIPv6) protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 for Cisco Code Division Multiple Access (CDMA) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the...
Cisco Wireless LAN Controller Client Disconnection Vulnerability
A vulnerability in the Web Management GUI of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to trigger client disconnection. The vulnerability is due to a lack of access control to the Cisco WLC Web Management GUI. An attacker could exploit this vulnerabilit...
Cisco ASR 5000 and ASR 5500 TACACS Denial of Service Vulnerability
A vulnerability in the TACACS protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 (ASR5K) System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the vpnmgr process restarts. The vulnerability is...
Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges. The vulnerability is due to improper validation of SSH keys that local users add to their accounts. An attacker could exploi...
Cisco Prime Renegotiation Request Denial of Service Vulnerability
A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...
Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit thi...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to move arbitrary files with elevated privileges. The vulnerability is due to missing source path validation in certain IPC commands. An attacker could...
Cisco Prime Collaboration Assurance SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerabilit...
Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...
Cisco UCS B-Series Blade Servers Denial of Service Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) B-Series blade servers could allow an unauthenticated, local attacker to cause the host operating system or Baseboard Management Controller (BMC) to hang. The vulnerability is due to how the various components communicate across the Inter-IC (I2C)...
Cisco TelePresence Video Communication Server (VCS) Expressway Privilege Escalation Vulnerability
A vulnerability in the process management code of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to the failure to protect a supervised process. An attacker...
Cisco Aironet 1850 Access Point Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco Aironet 1850 Series Access Point device could allow an authenticated, local attacker to obtain elevated privileges to the restricted shell on the device. The vulnerability is due to a lack of proper escape protections when validating...
Cisco IOS Software RADIUS Client Denial of Service Vulnerability
A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this...
Cisco Unified Communications Manager IM and Presence Service REST API Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the Cisco Session Initiation Protocol (SIP) proxy...
Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability
Cisco Wireless LAN Controller (WLC) devices contain a denial of service vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly discard certain malformed values in an 802.11i management frame...
Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device. The vulnerability is due to improper handling of...
Cisco Email Security Appliance Max Files Denial of Service Vulnerability
A vulnerability in file descriptor handling of the Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition due to the affected device unexpectedly reloading. The vulnerability is due to failure to release file descriptors when th...
Cisco FirePOWER 7000 and Cisco FirePOWER 8000 Series Inspection Engine Stall Vulnerability
A vulnerability in FireSIGHT System Software for Cisco FirePOWER 7000 Series and Cisco FirePOWER 8000 Series devices could allow an unauthenticated, adjacent attacker to cause the inspection engine to stop processing packets. Depending on the affected system configuration, this may cause traffic...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allo...
Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these...
Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...
Cisco TelePresence Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to lack of checks in the code f...
Cisco Spark Mobile Application Man-in-the-Middle Vulnerability
A vulnerability in the Cisco Spark mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL certificate used to manage the device. An attacker could exploit this...
Cisco Wireless LAN Controller RADIUS Packet of Disconnect Vulnerability
A vulnerability in the RADIUS implementation of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition by disconnecting user sessions. The vulnerability is due to a lack of proper input validation of the RADIUS...
Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of certain DHCPv6 packets. An attacker could exploit this...
Cisco Unity Connection Web Interface SQL Injection Vulnerability
A vulnerability in the web interface of Cisco Unity Connection (UC) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker...