Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
A vulnerability in the Secure Shell (SSH) feature of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...
Cisco IOS Software DHCPv6 Server Implementation Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted DHCPv6 packets. An attacker could exploit this vulnerabilit...
Cisco Prime Network Registrar Privilege Escalation Vulnerability
A vulnerability in the default configuration of the Cisco Prime Network Registrar (CPNR) virtual appliance (OVA) could allow an authenticated, local attacker to gain root privileges. The vulnerability is due to an insecure default account present on the affected device. A local attacker could...
Cisco IOS XE Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
A vulnerability in Cisco Catalyst 4500 Series Switches running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of valid crafted Cisco Discovery Protocol packet...
Cisco Prime Collaboration Assurance Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to access information about any device imported into the system database. The vulnerability is due to improper implementation of authorization and access controls. An attacker...
Cisco Nexus 9000 Series Switches Reserved VLAN Number Vulnerability
A vulnerability in the handling of incoming Layer 2 packets tagged with a Cisco Nexus 9000 Series Switch (N9K) reserved VLAN number could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition due to increased CPU utilization and possible control plane...
Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions, some of which should be accessible only to users who have administrative...
Cisco TelePresence Server Denial of Service Vulnerability
Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. No workarounds that...
Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Assurance Software contains the following vulnerabilities: Cisco Prime Collaboration Assurance Web Framework Access Controls Bypass Vulnerability; Cisco Prime Collaboration Assurance Information Disclosure Vulnerability; Cisco Prime Collaboration Assurance Session ID...
Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to memory management failures during processing of TCP connections. The vulnerability is due to the improper handling...
Cisco Email Security Appliance Format String Vulnerability
The Cisco Email Security Appliance (ESA) contains a vulnerability that could allow an unauthenticated, remote attacker to impact the integrity and availability of services and data on the affected device. The impact includes a partial denial of service (DoS). In addition, the attacker could override...
Cisco Web Security Appliance DNS Resolution Vulnerability
A vulnerability in the DNS resolution function of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to DNS name resolution failing through the device. The vulnerability is due to the handling of DNS requests...
Cisco Security Management Appliance Log Rollover Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to inadequate validation of user credentials for incoming HTTP requests,...
Cisco Application Visibility and Control FlexConnect UDP Vulnerability
A vulnerability in Cisco Application Visibility and Control (AVC) software for wireless networking could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of UDP packets in the configuration of FlexConnect mode. A...
Cisco TelePresence IX5000 Systems Certificate Information Disclosure Vulnerability
A vulnerability in the directory on the Web Management Interface of Cisco TelePresence IX5000 Systems could allow an unauthenticated, remote attacker to decrypt captured traffic on the affected device or perform a man-in-the-middle attack. The vulnerability is due to the inclusion of the...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition. Cisco has...
Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability
A vulnerability in the Address Resolution Protocol (ARP) feature of the Cisco Nexus Operating System (NX-OS) could allow an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition because the ARP process unexpectedly restarts. The vulnerability is due to improper input...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in a local file script in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...
Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability
A vulnerability in the Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the processing of an excessive number of IPv4 packets that require fragmentation and reassembly. An attack...
Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability
A vulnerability in the Cisco Identity Services Engine (ISE) guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability by...
Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Application Control Engine (ACE) could allow an authenticated, local attacker to elevate privileges to read and alter the content of files that belong to other contexts. The vulnerability is due to insufficient file access controls. An...
Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability
A vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...
Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability
A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network. The vulnerability is due to improper input validation of the IP...
Cisco Prime Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Cisco Prime Infrastructure (PI) username storage and authentication process could allow an authenticated, remote attacker to gain elevated privileges on a targeted system. The vulnerability occurs because the affected software saves case-sensitive usernames and performs...
Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First (OSPF) protocol implementation of the Cisco Aggregation Services Router ASR 5000 and ASR 5500 System Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the OSPF process restarts. The...
Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability
A vulnerability in the command-line interface (CLI) of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to inject arbitrary arguments to a script on an affected system. The vulnerability is due to insufficient input validation of content ...
Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco Finesse could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerabilities are due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remo...
Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. The vulnerability is due to insufficient input validation of user-supplied...
Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability
A vulnerability in the web framework of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute commands on the underlying operating system. The vulnerability is due to improper authorization of read-only users. An attacker could...
Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
A vulnerability in the administrator web interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of a targeted device. The vulnerability is due to insufficient inpu...
Cisco NX-OS Internet Group Management Protocol Denial of Service Vulnerability
A vulnerability in the Internet Group Management Protocol version 3 (IGMPv3) input packet processing of Cisco NX-OS could allow an unauthenticated, adjacent attacker to cause the IGMP process to restart due to a malformed IGMP packet, which could cause a denial of service (DoS) condition on the devic...
Cisco TelePresence Video Communication Server Expressway Access Vulnerability
A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords. The vulnerability is due to insufficient...
Cisco Nexus Operating System Address Resolution Protocol Denial of Service Vulnerability
A vulnerability in the Address Resolution Protocol (ARP) input packet processing of the Cisco Nexus Operating System (NX-OS) devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of the ARP packet and the...
Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability
A vulnerability in the email Spam Quarantine, Lightweight Directory Access Protocol (LDAP) authentication of the Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to escalate privileges to those of the Spam Quarantine. The vulnerability is due to improper...
Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...
Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability
A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...
Cisco TelePresence Video Communication Server Expressway Call Policy Configuration Page Denial of Service Vulnerability
A vulnerability in the Call Policy Configuration page of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition or read arbitrary files on an affected system. The vulnerability is due to insufficien...
Cisco TelePresence Video Communication Server Expressway Access Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to falsely register their Mobile and Remote Access (MRA) endpoint. The vulnerability is due to insufficient validation of the registering phone line. An attacker coul...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the Configuration Log File of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed authentication messages. An attacker could exploit this...
Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...
Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability
A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...
Cisco FireSIGHT Management Center System Policy Deletion Vulnerability
A vulnerability in the web interface function to delete a system policy configured in the Cisco FireSIGHT Management Center application could allow unauthenticated, remote attackers to delete a system policy other than their own. The vulnerability is due to improper input validation of certain...
Cisco Nexus 9000 Series Resource Exhaustion Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit the vulnerability by copying large files to the device file system. Processing the large files could cause the device to stop...
Cisco TelePresence Video Communication Server Command Injection Vulnerability
A vulnerability in the web framework in the Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to inject arbitrary commands that are executed at the nobody privilege level. The vulnerability is due to insufficient input validation. An attacker could...
Cisco WebEx Meeting Center Open Redirect Vulnerability
A vulnerability in the Cisco WebEx Meeting Center web interface could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...
Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability
A vulnerability in the Unicast Reverse Path Forwarding (uRPF) feature in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to bypass the uRPF validation checks. The vulnerability is due to incorrect uRPF validation where IP packets from an outside interface,...
Cisco Nexus 3000 Nexus Data Broker Denial of Service Vulnerability
A vulnerability in the Nexus Data Broker (NDB) in Cisco Nexus 3000 Series Switches could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition. The vulnerability is in handling incoming connections to the Java application. An attacker could exploit this...