5218 matches found
Cisco IOS XE for Cisco 1000 Series ASR Routers Denial of Service Vulnerability
A vulnerability in PPP over Ethernet (PPPoE) processing on Cisco IOS XE for Cisco 1000 Series ASR routers could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed PPPoE Active Discovery Request (PADR)...
Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. The vulnerability is due to improper handling of OSPFv2 packets. An attacker could...
Cisco Digital Content Manager Message Processing Denial of Service Vulnerability
A vulnerability in Cisco Digital Content Manager (DCM) could allow an unauthenticated, remote attacker to crash the system mainboard. The vulnerability is due to the DCM receiving malformed ad messages from the ad server, which could trigger a system reboot. An attacker could exploit this...
Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability
A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. The vulnerability is due to improper input validation of special characters within filenames. An attacker could...
Cisco Adaptive Security Appliance SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of SNMP packets. An attacker could exploit th...
Cisco Unified Communications Domain Manager Default Static Privileged Account Credentials
A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to login with the privileges of the root user and take full control of the affected system. The vulnerability occurs because a privileged account has a default and...
Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities
Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges. The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is...
Cisco Unified MeetingPlace SQL Injection Vulnerability
A vulnerability in Cisco Unified MeetingPlace could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to failure to validate user-supplied input used in SQL queries...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability
A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts (VDCs) could allow an authenticated, local attacker to delete files owned by a different VDC on the device. The vulnerability exists due...
Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. The vulnerability exists due to insufficient input sanitization of...
Cisco Unified Communications Domain Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software could allow an unauthenticated, remote attacker to access content in the bvsmweb directory. The vulnerability is due to insufficient access controls. An attacker could exploit this vulnerabili...
Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability
A vulnerability in the packet storing capabilities of Cisco 9900 Series IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the phone decoder handles certain real-time transport protocol (RTP) packets. An attacker...
Cisco Headend System Releases Denial of Service Vulnerability
A vulnerability in Cisco Headend System Releases could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the software's inability to recover memory after certain usage situations. An attacker could exploit this vulnerability by...
Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system. The vulnerability is due to improper handling of RBAC...
Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability
A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances. The vulnerability is due to the presence of...
Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities: Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability; Cisco Virtual WSA, ESA, and SMA...
Cisco Wireless LAN Controller Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) processor of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient...
Cisco Unified Presence Server Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Presence Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An...
Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability
A vulnerability in the Cisco IM and Presence Service could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper web page restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to access...
Cisco IM and Presence Service SQL Injection Vulnerability
A vulnerability in the database of Cisco IM and Presence Service could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied inpu...
Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability
A vulnerability in the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) packet processing feature of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the MPLS LDP process on the affected device. The vulnerability is due to improper processing of...
Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to access data and credentials. The vulnerability is due to the exposure of sensitive information. An attacker could exploit this vulnerability to access data and credentials. Cisco has confirmed the...
Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability
A vulnerability in Cisco Identity Services Engine and Secure Access Control System could allow an authenticated, remote attacker to gain unauthorized access to program data. The vulnerability is due to weak authentication and authorization used to control access to support bundles stored on a...
Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability
A vulnerability in the web-based user interface of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to have read access to information stored in the affected system. The vulnerability is due to insufficient validation of specific values passed via HTTP GET methods by the...
Cisco Nexus 9000 Series Software Password Exposure Vulnerability
A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. The vulnerability is due to older versions of the affected software retaining the ability to decrypt passwords. An attacker could exploit this vulnerability ...
Cisco Unified MeetingPlace Plain Text Password Information Disclosure Vulnerability
A vulnerability in Cisco Unified MeetingPlace could allow an authenticated, remote attacker to view passwords in plain text. The vulnerability is due to the inclusion of sensitive information in the web page source code of the affected software. An attacker could exploit this vulnerability to vie...
Cisco Wireless LAN Controller IPv6 Packet Handling Denial of Service Vulnerability
A vulnerability in Cisco Wireless LAN Controller (WLC) devices could allow an unauthenticated, adjacent attacker to cause a crash of an affected device. The vulnerability exists due to an unhandled exception that may occur when IPv6 traffic is forwarded to a device that is not configured for...
Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to a lack of checks...
Cisco WebEx Meeting Center GET Parameter Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to view sensitive information that is transmitted in GET parameters or perform SQL injection. The vulnerability is due to the inclusion of sensitive information in the URL as GET parameters. An attacker...
Cisco WebEx Meetings Meeting Access Number Vulnerability
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to discover the meeting access number. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by accessing the web page containing meeting...
Cisco WebEx Meetings Host Calendar Download Vulnerability
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to access and download calendar files without authorization. The vulnerability is due to inconsistent authorization checks. An attacker could exploit this vulnerability by enumerating scheduled meetings and...
Cisco WebEx Meetings Reflected Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to perform reflected cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by...
Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability
A vulnerability in the Data Center Analytics Framework (DCAF) application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the us...
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in flow control processing of Cisco IOS XR Software for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause a Network Processing Unit (NPU) chip reset and potentially a reload of the affected line card. The vulnerability is due to improper...
Cisco IOS Software UBR Devices IPv6 VPN Multiprotocol Label Switching Denial of Service Vulnerability
A vulnerability in Cisco Universal Broadband Routers performing IPv6 VPN over Multiprotocol Label Switching (MPLS; 6VPE) and configured for NetFlow could allow an unauthenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE)...
Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco Universal Broadband Router devices could allow an authenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE) module. The vulnerability is due to a memory leak that occurs when...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine (PRE) to leak a small portion of memory on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine (PRE) crash on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition that may cause a...
Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) code of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to crash an affected device. The vulnerability is due to an error in parsing a malformed LLDP packet. An attacker could exploit this vulnerability by sending a...
Cisco Web Security Appliance Web Framework HTTP Header Injection Vulnerability
A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could introduce arbitrary code into the web interface. The vulnerability is due to insufficient validation of user input before it is used...
Cisco Gateway GPRS Support Node TCP Invalid Packet Vulnerability
A vulnerability in the TCP packet input handler of the Cisco Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to cause a reset of the Session Manager application. The vulnerability is due to improper input validation of the length fields of the TCP/IP header. An...
Cisco uBR10000 Series Universal Broadband Routers Information Disclosure Vulnerability
A vulnerability in the processing of IP Detail Record (IPDR) packets on Cisco uBR10000 devices could allow an unauthenticated, remote attacker to gather a limited amount of IPDR data from the affected device. The vulnerability is due to the inability of Cisco Cable Modem Termination Systems (CMTS) to...
Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability
A vulnerability in the web-based administrative interface of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to enumerate valid usernames and determine if the usernames have administrative privileges. The vulnerability is due to a logic error in the handling of invalid...
Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability
A vulnerability in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error that could occur in the affected software when an SSH connection is disconnected from an affected device. An authenticated, remot...
Cisco IOS XR IPv6 Packet Processing Denial of Service Vulnerability
A vulnerability in IP version 6 (IPv6) processing in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the ipv6io service. The vulnerability is due to improper processing of a malformed IPv6 packet by a device configured to process such packets. An attacker...
Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability
A vulnerability in the AES-GCM code of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted IPSec or IKEv2 packet, and for those modifications not to be detected. The vulnerability is due to an error on the firmware of the...
Cisco Prime Collaboration Manager SQL Injection Vulnerability
A vulnerability in the Cisco Prime Collaboration Manager interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An...
Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability
A vulnerability in Cisco Cloud Portal Appliance could aid an unauthenticated, remote attacker in performing a man-in-the-middle attack. The vulnerability is due to a design error in the affected software. An unauthenticated, remote attacker could exploit this vulnerability to perform a...
Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...