5224 matches found

Cisco
•added 2015/09/22 8:5 p.m.•23 views

Cisco TelePresence Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00996
Exploits: 0 | References: 1
Cisco
•added 2015/09/22 4:2 p.m.•30 views

Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to lack of checks in the code f...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.01202
Exploits: 3 | References: 1 | Affected Software: 1
Cisco
•added 2015/09/22 2:1 p.m.•22 views

Cisco Spark Mobile Application Man-in-the-Middle Vulnerability

A vulnerability in the Cisco Spark mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL certificate used to manage the device. An attacker could exploit this...

CVSS: 5 | AI score: 6.1 | EPSS: 0.00537
Exploits: 0 | References: 1
Cisco
•added 2015/09/21 3:9 p.m.•28 views

Cisco Wireless LAN Controller RADIUS Packet of Disconnect Vulnerability

A vulnerability in the RADIUS implementation of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition by disconnecting user sessions. The vulnerability is due to a lack of proper input validation of the RADIUS...

CVSS: 5 | AI score: 6.1 | EPSS: 0.02094
Exploits: 0 | References: 1
Cisco
•added 2015/09/18 8:54 p.m.•26 views

Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of certain DHCPv6 packets. An attacker could exploit this...

CVSS: 5 | AI score: 7 | EPSS: 0.02435
Exploits: 0 | References: 1
Cisco
•added 2015/09/18 8:25 p.m.•39 views

Cisco Unity Connection Web Interface SQL Injection Vulnerability

A vulnerability in the web interface of Cisco Unity Connection (UC) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.01592
Exploits: 0 | References: 1
Cisco
•added 2015/09/18 2:17 p.m.•36 views

Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) feature of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...

CVSS: 4 | AI score: 6.9 | EPSS: 0.0159
Exploits: 0 | References: 1
Cisco
•added 2015/09/18 4:41 a.m.•83 views

Cisco IOS Software DHCPv6 Server Implementation Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted DHCPv6 packets. An attacker could exploit this vulnerabilit...

CVSS: 5 | AI score: 6.4 | EPSS: 0.02435
Exploits: 0 | References: 1
Cisco
•added 2015/09/17 9:2 p.m.•37 views

Cisco Prime Network Registrar Privilege Escalation Vulnerability

A vulnerability in the default configuration of the Cisco Prime Network Registrar (CPNR) virtual appliance (OVA) could allow an authenticated, local attacker to gain root privileges. The vulnerability is due to an insecure default account present on the affected device. A local attacker could...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.0038
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 8:20 p.m.•33 views

Cisco IOS XE Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco Catalyst 4500 Series Switches running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of valid crafted Cisco Discovery Protocol packet...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00772
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 4:17 p.m.•22 views

Cisco Prime Collaboration Assurance Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about any device imported into the system database. The vulnerability is due to improper implementation of authorization and access controls. An attacker...

CVSS: 4 | AI score: 6.5 | EPSS: 0.01943
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 4:8 p.m.•24 views

Cisco Nexus 9000 Series Switches Reserved VLAN Number Vulnerability

A vulnerability in the handling of incoming Layer 2 packets tagged with a Cisco Nexus 9000 Series Switch (N9K) reserved VLAN number could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition due to increased CPU utilization and possible control plane...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.0078
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 4:0 p.m.•23 views

Multiple Vulnerabilities in Cisco Prime Collaboration Assurance

Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...

CVSS: 9 | AI score: 6.4 | EPSS: 0.02644
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 4:0 p.m.•38 views

Cisco TelePresence Server Denial of Service Vulnerability

Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. No workarounds that...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.02351
Exploits: 0 | References: 1
Cisco
•added 2015/09/16 4:0 p.m.•24 views

Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability

A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...

CVSS: 8.5 | AI score: 6.4 | EPSS: 0.02644
Exploits: 0 | References: 1
Cisco
•added 2015/09/09 8:7 p.m.•27 views

Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to memory management failures during processing of TCP connections. The vulnerability is due to the improper handling...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01407
Exploits: 0 | References: 1
Cisco
•added 2015/09/09 6:2 p.m.•14 views

Cisco Email Security Appliance Format String Vulnerability

The Cisco Email Security Appliance (ESA) contains a vulnerability that could allow an unauthenticated, remote attacker to impact the integrity and availability of services and data on the affected device. The impact includes a partial denial of service (DoS). In addition, the attacker could override...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.01417
Exploits: 0 | References: 1
Cisco
•added 2015/09/09 12:38 p.m.•27 views

Cisco Web Security Appliance DNS Resolution Vulnerability

A vulnerability in the DNS resolution function of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to DNS name resolution failing through the device. The vulnerability is due to the handling of DNS requests...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02037
Exploits: 0 | References: 1
Cisco
•added 2015/09/08 6:52 p.m.•22 views

Cisco Security Management Appliance Log Rollover Denial of Service Vulnerability

A vulnerability in the web interface of the Cisco Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to inadequate validation of user credentials for incoming HTTP requests,...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02211
Exploits: 0 | References: 1
Cisco
•added 2015/09/08 4:44 p.m.•27 views

Cisco Application Visibility and Control FlexConnect UDP Vulnerability

A vulnerability in Cisco Application Visibility and Control (AVC) software for wireless networking could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of UDP packets in the configuration of FlexConnect mode. A...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00522
Exploits: 0 | References: 1
Cisco
•added 2015/09/03 8:24 p.m.•26 views

Cisco TelePresence IX5000 Systems Certificate Information Disclosure Vulnerability

A vulnerability in the directory on the Web Management Interface of Cisco TelePresence IX5000 Systems could allow an unauthenticated, remote attacker to decrypt captured traffic on the affected device or perform a man-in-the-middle attack. The vulnerability is due to the inclusion of the...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01204
Exploits: 0 | References: 1
Cisco
•added 2015/09/02 4:0 p.m.•34 views

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition. Cisco has...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.02817
Exploits: 0 | References: 1
Cisco
•added 2015/09/01 7:33 p.m.•27 views

Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability

A vulnerability in the Address Resolution Protocol (ARP) feature of the Cisco Nexus Operating System (NX-OS) could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition because the ARP process unexpectedly restarts. The vulnerability is due to improper input...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00877
Exploits: 0 | References: 1
Cisco
•added 2015/09/01 1:35 p.m.•30 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in a local file script in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...

CVSS: 6.6 | AI score: 7.2 | EPSS: 0.0054
Exploits: 0 | References: 1
Cisco
•added 2015/08/31 11:19 p.m.•29 views

Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability

A vulnerability in the Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the processing of an excessive number of IPv4 packets that require fragmentation and reassembly. An attack...

CVSS: 5 | AI score: 6.3 | EPSS: 0.01744
Exploits: 0 | References: 1
Cisco
•added 2015/08/27 11:46 p.m.•52 views

Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability

A vulnerability in the Cisco Identity Services Engine (ISE) guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability by...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01591
Exploits: 0 | References: 1
Cisco
•added 2015/08/26 9:9 p.m.•33 views

Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation Vulnerability

A vulnerability in the command-line interface (CLI) of Cisco Application Control Engine (ACE) could allow an authenticated, local attacker to elevate privileges to read and alter the content of files that belong to other contexts. The vulnerability is due to insufficient file access controls. An...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01838
Exploits: 0 | References: 1
Cisco
•added 2015/08/25 7:5 p.m.•29 views

Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability

A vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...

CVSS: 4 | AI score: 6.4 | EPSS: 0.01546
Exploits: 0 | References: 1
Cisco
•added 2015/08/24 9:23 p.m.•33 views

Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00996
Exploits: 0 | References: 1
Cisco
•added 2015/08/21 8:28 p.m.•31 views

Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability

A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01965
Exploits: 0 | References: 1
Cisco
•added 2015/08/20 1:45 p.m.•30 views

Cisco Prime Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...

CVSS: 4 | AI score: 7.1 | EPSS: 0.01778
Exploits: 0 | References: 1
Cisco
•added 2015/08/20 1:41 p.m.•27 views

Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First (OSPF) protocol implementation of the Cisco Aggregation Services Router (ASR) 5000 and ASR 5500 System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the OSPF process restarts. The...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01456
Exploits: 0 | References: 1
Cisco
•added 2015/08/18 10:10 p.m.•21 views

Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to inject arbitrary arguments to a script on an affected system. The vulnerability is due to insufficient input validation of content ...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00414
Exploits: 0 | References: 1
Cisco
•added 2015/08/18 8:55 p.m.•19 views

Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco Finesse could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerabilities are due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remo...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.02162
Exploits: 0 | References: 1
Cisco
•added 2015/08/18 8:26 p.m.•22 views

Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. The vulnerability is due to insufficient input validation of user-supplied...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.02314
Exploits: 0 | References: 1
Cisco
•added 2015/08/18 5:19 p.m.•24 views

Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability

A vulnerability in the web framework of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute commands on the underlying operating system. The vulnerability is due to improper authorization of read-only users. An attacker could...

CVSS: 4 | AI score: 6.9 | EPSS: 0.01983
Exploits: 0 | References: 1
Cisco
•added 2015/08/18 3:47 p.m.•41 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in the administrator web interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of a targeted device. The vulnerability is due to insufficient inpu...

CVSS: 6 | AI score: 7.3 | EPSS: 0.02286
Exploits: 0 | References: 1
Cisco
•added 2015/08/17 2:34 p.m.•39 views

Cisco NX-OS Internet Group Management Protocol Denial of Service Vulnerability

A vulnerability in the Internet Group Management Protocol version 3 (IGMPv3) input packet processing of Cisco NX-OS could allow an unauthenticated, adjacent attacker to cause the IGMP process to restart due to a malformed IGMP packet, which could cause a denial of service (DoS) condition on the devic...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.01116
Exploits: 0 | References: 1
Cisco
•added 2015/08/14 8:15 p.m.•33 views

Cisco TelePresence Video Communication Server Expressway Access Vulnerability

A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords. The vulnerability is due to insufficient...

CVSS: 4 | AI score: 6.3 | EPSS: 0.02407
Exploits: 0 | References: 1
Cisco
•added 2015/08/14 7:25 p.m.•26 views

Cisco Nexus Operating System Address Resolution Protocol Denial of Service Vulnerability

A vulnerability in the Address Resolution Protocol (ARP) input packet processing of the Cisco Nexus Operating System (NX-OS) devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of the ARP packet and the...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00971
Exploits: 0 | References: 1
Cisco
•added 2015/08/14 6:52 p.m.•25 views

Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability

A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol (LDAP) authentication of the Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.01697
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 9:34 p.m.•25 views

Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.02456
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 9:16 p.m.•31 views

Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...

CVSS: 4 | AI score: 6.6 | EPSS: 0.02456
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 9:13 p.m.•27 views

Cisco Telepresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability

A vulnerability in the Call Policy Configuration page of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an affected system. The vulnerability is due to insufficien...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.01871
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 9:13 p.m.•23 views

Cisco TelePresence Video Communication Server Expressway Access Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access (MRA) endpoint. The vulnerability is due to insufficient validation of the registering phone line. An attacker coul...

CVSS: 4.9 | AI score: 6.4 | EPSS: 0.01889
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 8:14 p.m.•23 views

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in the Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01648
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 8:14 p.m.•23 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed authentication messages. An attacker could exploit this...

CVSS: 5 | AI score: 6.2 | EPSS: 0.02597
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 8:14 p.m.•23 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...

CVSS: 5 | AI score: 6.1 | EPSS: 0.02389
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 8:14 p.m.•25 views

Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability

A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.01647
Exploits: 0 | References: 1
Cisco
•added 2015/08/13 5:38 p.m.•20 views

Cisco FireSIGHT Management Center System Policy Deletion Vulnerability

A vulnerability in the web interface function to delete a system policy configured in the Cisco FireSIGHT Management Center application could allow unauthenticated, remote attackers to delete a system policy other than their own. The vulnerability is due to improper input validation of certain...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.02152
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5224