
5218 matches found

Cisco
added 2015/08/11 10:36 p.m. | 26 views

Cisco ASR 9000 Series Aggregation Services Routers tmp Files Denial of Service Vulnerability

A vulnerability in Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to produce excessive tmp/config files, causing the system to become unresponsive. The vulnerability is due to the abrupt closure of the user's vty sessions after the commit/end in...

CVSS 4.6 | AI score 6.2 | EPSS 0.00341
Exploits: 0 | References: 1
Cisco
added 2015/07/30 9:38 p.m. | 41 views

Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability

A vulnerability in the Prime Collaboration Deployment of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protections of data at rest. An attacker could exploit this vulnerability by browsing to a...

CVSS 4 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 1
Cisco
added 2015/07/30 8:36 p.m. | 27 views

Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability

A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context. The vulnerability is due to insufficient input validation. An unauthenticated, remote attack...

CVSS 4.3 | AI score 6.5 | EPSS 0.00528
Exploits: 0 | References: 1
Cisco
added 2015/07/30 8:7 p.m. | 23 views

Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability...

CVSS 4.3 | AI score 5.7 | EPSS 0.00402
Exploits: 0 | References: 1
Cisco
added 2015/07/30 8:5 p.m. | 27 views

Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability

Cisco IM and Presence Service contains a reflected cross-site scripting (XSS) vulnerability that could allow an unauthenticated, remote attacker to perform an XSS attack on an authenticated user. The vulnerability is due to an incomplete user input filter that may not filter certain HTML or script...

CVSS 4.3 | AI score 5.2 | EPSS 0.00263
Exploits: 0 | References: 1
Cisco
added 2015/07/30 4:0 p.m. | 22 views

Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP)...

CVSS 7.8 | AI score 6.7 | EPSS 0.00427
Exploits: 0 | References: 1
Cisco
added 2015/07/29 8:4 p.m. | 31 views

Cisco IOS-XE Fragmented Packet Resource Consumption Vulnerability

A vulnerability in the packet reassembly subsystem of Cisco IOS-XE could allow an unauthenticated, remote attacker to consume CPU resources which may lead to a denial of service (DoS) condition. The vulnerability is due to an error message that is triggered to the console and the syslog when a...

CVSS 5 | AI score 6.4 | EPSS 0.00474
Exploits: 0 | References: 1
Cisco
added 2015/07/28 10:5 p.m. | 30 views

Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafti...

CVSS 4.6 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 1
Cisco
added 2015/07/28 8:43 p.m. | 20 views

Cisco UCS Central Software File Access Vulnerability

A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

CVSS 5 | AI score 6.4 | EPSS 0.00078
Exploits: 0 | References: 1
Cisco
added 2015/07/27 10:22 p.m. | 30 views

Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability

A vulnerability in the web management interface of multiple Cisco products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...

CVSS 4.3 | AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 1
Cisco
added 2015/07/27 8:54 p.m. | 24 views

Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 device could allow an unauthenticated, remote attacker to access a web page that should be restricted. The vulnerability is due to improper authentication validation. An attacker could exploit this vulnerability by accessing a certa...

CVSS 5 | AI score 6.6 | EPSS 0.00184
Exploits: 0 | References: 1
Cisco
added 2015/07/24 7:21 p.m. | 26 views

Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability

A vulnerability in SSL certificate validation of multiple Cisco products could allow an unauthenticated, remote attacker to stage a man-in-the-middle attack. The vulnerability is due to lack of SSL certificate validation for secure LDAP. An attacker could exploit this vulnerability to stage a...

CVSS 4.3 | AI score 6.3 | EPSS 0.00137
Exploits: 0 | References: 1
Cisco
added 2015/07/22 8:1 p.m. | 31 views

Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR for Cisco ASR9k could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability is due to improper handling of flow base entries ...

CVSS 5 | AI score 6.4 | EPSS 0.00474
Exploits: 0 | References: 1
Cisco
added 2015/07/22 4:0 p.m. | 22 views

Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability

The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated, remote attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a...

CVSS 10 | AI score 7 | EPSS 0.00366
Exploits: 0 | References: 1
Cisco
added 2015/07/22 4:0 p.m. | 36 views

Cisco IOS Software TFTP Server Denial of Service Vulnerability

A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability...

CVSS 7.1 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | References: 1
Cisco
added 2015/07/22 4:0 p.m. | 24 views

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper...

CVSS 8.5 | AI score 6.6 | EPSS 0.00716
Exploits: 0 | References: 1
Cisco
added 2015/07/21 9:58 p.m. | 37 views

Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability

A vulnerability in the Concurrent Data Management Replication process of Cisco IOS XR for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a reload of the Border Gateway Protocol (BGP) process. The vulnerability is due to improper processing of...

CVSS 5 | AI score 6.8 | EPSS 0.00535
Exploits: 0 | References: 1
Cisco
added 2015/07/21 9:51 p.m. | 24 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of the affected system t...

CVSS 4.3 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 1
Cisco
added 2015/07/20 8:58 p.m. | 34 views

Cisco Videoscape Policy Resource Manager Denial of Service Vulnerability

A vulnerability in the TCP module of the Cisco Videoscape Policy Resource Manager (PRM) product could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage. The vulnerability is due to a lack of rate limiting in the TCP listening application. A...

CVSS 5 | AI score 6.6 | EPSS 0.00427
Exploits: 0 | References: 1
Cisco
added 2015/07/16 8:38 p.m. | 27 views

Cisco Prime Collaboration Assurance Web Interface Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Prime Collaboration Assurance could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of a crafted HTTP request. An unauthenticated, remote attacker could exploit this...

CVSS 5 | AI score 6.4 | EPSS 0.00264
Exploits: 0 | References: 1
Cisco
added 2015/07/15 9:24 p.m. | 30 views

Cisco WebEx Meetings Server Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted data in a...

CVSS 4.9 | AI score 7.2 | EPSS 0.01205
Exploits: 0 | References: 1
Cisco
added 2015/07/15 9:18 p.m. | 26 views

Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against a vulnerable web interface. The vulnerability is due to insufficient CSRF protections on the web interface. An...

CVSS 5 | AI score 6.9 | EPSS 0.00122
Exploits: 0 | References: 1
Cisco
added 2015/07/15 9:2 p.m. | 25 views

Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to generate malformed Domain-Based Message Authentication, Reporting, and Conformance (DMARC) policy records to the targeted system. The vulnerability occurs because the affected ESA is not abl...

CVSS 4.3 | AI score 6.5 | EPSS 0.00443
Exploits: 0 | References: 1
Cisco
added 2015/07/15 4:0 p.m. | 30 views

Cisco Videoscape Delivery System Denial of Service Vulnerability

A vulnerability in the HTTP processing module of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Cisco Videoscape Distribution Suite Service Broker (VDS-SB) could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due t...

CVSS 7.8 | AI score 6.7 | EPSS 0.00153
Exploits: 0 | References: 1
Cisco
added 2015/07/15 1:3 p.m. | 32 views

Cisco Packet Data Network Gateway GTPv2 Tunnel Vulnerability

A vulnerability in the GPRS Tunneling Protocol for Version 2 (GTPv2) of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause partial availability of the GTPv2 service. The vulnerability is due to lack of input validation of the incoming GTPv2 packet...

CVSS 5 | AI score 6.3 | EPSS 0.00474
Exploits: 0 | References: 1
Cisco
added 2015/07/15 12:12 a.m. | 21 views

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS 4.3 | AI score 6.7 | EPSS 0.00117
Exploits: 0 | References: 1
Cisco
added 2015/07/14 9:7 p.m. | 25 views

Cisco Packet Data Network Gateway IP Stack Denial of Service Vulnerability

A vulnerability in the IP stack of the Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) of the Session Manager service when a malformed IP packet is received. The vulnerability is due to improper input validation of...

CVSS 5 | AI score 6.2 | EPSS 0.00456
Exploits: 0 | References: 1
Cisco
added 2015/07/14 4:52 p.m. | 28 views

Cisco Adaptive Security Appliance Message Authentication Code Checking Vulnerability

A vulnerability in the Transport Layer Security (TLS) code on the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted TLS packet without detection of the modifications. The vulnerability is due to an error on the firmware of t...

CVSS 4.3 | AI score 6.2 | EPSS 0.00444
Exploits: 0 | References: 1
Cisco
added 2015/07/14 3:55 p.m. | 26 views

Cisco Identity Services Engine Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3 | AI score 6.5 | EPSS 0.00217
Exploits: 0 | References: 1
Cisco
added 2015/07/14 12:42 p.m. | 20 views

Cisco TelePresence Integrator C Series Multiple Request Parameter Vulnerability

A vulnerability in Cisco TelePresence Integrator C Series could allow an unauthenticated, remote attacker to bypass authentication. The vulnerability is due to insufficient validation of user-supplied values. An attacker could exploit this vulnerability by sending multiple request parameters to a...

CVSS 6.4 | AI score 6.9 | EPSS 0.0035
Exploits: 0 | References: 1
Cisco
added 2015/07/13 11:3 p.m. | 31 views

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Tomcat service throttling mechanism of the Cisco Unified Communications Manager could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to sending multiple authenticated requests to Cisco Unified Communications...

CVSS 4 | AI score 6.4 | EPSS 0.00388
Exploits: 0 | References: 1
Cisco
added 2015/07/13 10:48 p.m. | 21 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to perform reflected cross-site scripting (XSS) attacks. The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit...

CVSS 4.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 1
Cisco
added 2015/07/13 10:18 p.m. | 29 views

Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager, formerly known as CallManager, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerabilit...

CVSS 4.3 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 1
Cisco
added 2015/07/13 4:11 p.m. | 81 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Identity Services Engine (ISE) Infra Admin UI could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker coul...

CVSS 4.3 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1
Cisco
added 2015/07/10 5:48 p.m. | 26 views

Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability

A vulnerability in the Control And Provisioning of the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to have read access to sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain log file...

CVSS 4 | AI score 6 | EPSS 0.00169
Exploits: 0 | References: 1
Cisco
added 2015/07/10 4:0 p.m. | 60 views

OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products

On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cis...

CVSS 6.5 | AI score 6.3 | EPSS 0.76449
Exploits: 6 | References: 1
Cisco
added 2015/07/10 3:40 p.m. | 17 views

Cisco AsyncOS for Cisco Email Security Appliance and Cisco Web Security Appliance Cluster Denial of Service Vulnerability

A vulnerability in the clustering component of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause the device to become unresponsive on the clustering and SSH configured ports. The vulnerability is due ...

CVSS 5 | AI score 6.4 | EPSS 0.00603
Exploits: 0 | References: 1
Cisco
added 2015/07/10 1:21 p.m. | 23 views

Cisco TelePresence Advanced Media Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence Advanced Media Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00116
Exploits: 0 | References: 1
Cisco
added 2015/07/09 9:28 p.m. | 27 views

Cisco TelePresence IP VCR Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence IP VCR Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS 4.3 | AI score 6.8 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/09 9:6 p.m. | 34 views

Cisco Hosted Collaboration Solution Cross-Site Scripting Vulnerability

A vulnerability in Cisco Hosted Collaboration Solution could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to...

CVSS 4.3 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1
Cisco
added 2015/07/09 8:51 p.m. | 41 views

Cisco ASR 5000 Series Software Local Command Injection Vulnerability

A vulnerability in the boot process of the Cisco ASR5000 and ASR5500 (ASK5K) System Software could allow an authenticated, local attacker to cause commands to be executed during the boot process. The vulnerability is due to improper reading of a local file on Compact Flash (CF) during the boot proces...

CVSS 6.8 | AI score 6.6 | EPSS 0.0018
Exploits: 0 | References: 1
Cisco
added 2015/07/09 8:33 p.m. | 28 views

Cisco TelePresence Serial Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence Serial Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a...

CVSS 4.3 | AI score 6.6 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/09 7:56 p.m. | 28 views

Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability

A vulnerability in the Cisco Integrated Management Controller of the Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL...

CVSS 4.3 | AI score 6.2 | EPSS 0.00136
Exploits: 0 | References: 1
Cisco
added 2015/07/09 7:40 p.m. | 20 views

Cisco TelePresence ISDN Gateway Software Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence ISDN Gateway could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS 4.3 | AI score 6.6 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/09 7:30 p.m. | 18 views

Cisco TelePresence MCU 4500 Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence MCU 4500 Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS 4.3 | AI score 6.8 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/09 7:24 p.m. | 19 views

Cisco TelePresence MSE 8000 Series Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence MSE 8000 Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS 4.3 | AI score 6.8 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/09 6:0 p.m. | 21 views

Cisco TelePresence IP Gateway Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco TelePresence IP Gateway Series could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web...

CVSS 4.3 | AI score 6.6 | EPSS 0.00107
Exploits: 0 | References: 1
Cisco
added 2015/07/07 8:49 p.m. | 27 views

Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability

A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. The vulnerability is due to improper handling of OSPFv2 packets. An attacker could...

CVSS 6.1 | AI score 6.2 | EPSS 0.00436
Exploits: 0 | References: 1
Cisco
added 2015/07/07 8:48 p.m. | 30 views

Cisco IP Communicator Web Access Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IP Communicator could allow an unauthenticated, remote attacker to take the web service offline. The vulnerability is due to access of a specific HTTP URL. An attacker could exploit this vulnerability by sending an HTTP GET request to the specific...

CVSS 5 | AI score 6.8 | EPSS 0.00918
Exploits: 0 | References: 1
Cisco
added 2015/07/07 8:20 p.m. | 26 views

Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by tricking the user of a...

CVSS 4.3 | AI score 6.9 | EPSS 0.00107
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5218