Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability
A vulnerability in the diagnostics portion of the administrative web interface of Cisco Virtualization Experience (VXC) Client 6215 devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is du...
Cisco IOS Software TCL Script Interpreter Privilege Escalation Vulnerability
A vulnerability in the Tool Command Language (TCL) script interpreter of Cisco IOS Software could allow an authenticated, local attacker to escalate privileges from those of a non-privileged user to a privileged level 15 user. This would allow a non-privileged user to execute privileged commands...
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
A vulnerability in the anti-spam scanner of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA. The vulnerability is due to improper handling of a malformed packet in the anti-spam scanner. An attacker could...
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
A vulnerability in the anti-spam scanner of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA. The vulnerability is due to improper error handling of a malformed packet in the anti-spam scanner. An...
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research. Multiple Cisco products incorporate a version of the OpenSSL package affected by one...
Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The...
Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or modify certain device settings. The vulnerability is due to improper controls on certain pages in the web interface. An attack...
Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability
A vulnerability in the Message of the Day (MOTD) or banner functionality of the NX-OS Software could allow an unauthenticated, remote attacker to cause the login process to reset. The vulnerability is due to the MOTD display handling when a certain type of terminal session is requested via Telnet...
Cisco IOS XR telnetd Packet Processing Denial of Service Vulnerability
A vulnerability in the telnetd process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the affected service. The vulnerability is due to improper processing of malformed Telnet packets directed to a device configured to process such packets. An attack...
Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability
A vulnerability in the Session Description Protocol (SDP) parser of the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause the Cisco VCS device to become unreachable due to a denial of service (DoS) attack caused by high CPU utilization. The...
Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability
A vulnerability in Cisco Application and Content Networking System (ACNS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of the URL of pages that are not accessible to the end user that could be return...
Cisco FireSIGHT Management Center Dashboard Deletion Vulnerability
A vulnerability in the management interface used to delete VPNs in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker with limited user permissions to delete another user's VPN dashboard. The vulnerability occurs because the product does not properly validate the...
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...
Cisco Catalyst 6500 Series Switches IPsec Tunnel Handling Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange (IKE) subsystem of the Cisco WS-IPSEC-3 service module could allow an authenticated, remote attacker to cause a reload of the Catalyst switch. The vulnerability is due to insufficient bounds checks on a specific message during the establishment of an IPs...
Cisco TelePresence HTTP Response Splitting Vulnerability
A vulnerability in Cisco TelePresence Collaboration Desk and Room Endpoints running TC Software could allow an unauthenticated, remote attacker to conduct HTTP response splitting attacks. The vulnerability is due to insufficient user input sanitization performed by the affected software while...
Cisco Edge 340 Privilege Escalation Vulnerability
A vulnerability in the system configuration of Cisco Edge 340 could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by logging in to the...
Cisco ONS 15454 System Software Denial of Service Vulnerability
A vulnerability in Cisco ONS 15454 System Software could allow an unauthenticated, remote attacker to cause the controller card on an affected device to reset, resulting in a denial of service (DoS) condition. The vulnerability occurs because tNetTask CPU time is consumed when the software processe...
Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities
Multiple vulnerabilities in the administrative web interface of the Cisco FireSIGHT Management Center could allow an attacker to conduct both cross-site scripting (XSS) and also arbitrary HTML command injection attacks. These vulnerabilities are due to improper user input validation. An attacker...
Cisco Unified MeetingPlace Arbitrary File Download Vulnerability
A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper handling of requests for resources by an affected device. An unauthenticated, remote attacker could exploit this...
Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability
A vulnerability in the Cisco Unified MeetingPlace application could allow an unauthenticated, remote attacker to obtain sensitive information. The Cisco Unified MeetingPlace application does not always properly validate the session ID in the HTTP URL. This could allow an attacker to obtain...
Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability
A vulnerability in the code of Cisco AnyConnect Secure Mobility Client for Linux could allow an authenticated, local attacker to elevate privileges to those of the root user. The vulnerability is due to improper implementation of some internal functions. An attacker could exploit this vulnerabili...
Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability
A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN. The vulnerability is due to improper implementation ...
Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of the Cisco Unified MeetingPlace for Microsoft Outlook could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of the affected system. The XSS attack can ...
Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Headend Digital Broadband Delivery could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks on the affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker...
Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability
A vulnerability in the web-based user interface of Cisco Unified MeetingPlace could allow an authenticated, remote attacker to gain read access to select information stored on the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file...
Multiple Cisco Products TCP Flood Denial of Service Vulnerability
A vulnerability in the TCP module of multiple Cisco products could allow an unauthenticated, remote attacker to disable TCP ports and cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of rate limiting in the TCP listener...
Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability
A vulnerability in the UDP applications TFTP and DHCP of Cisco Headend System Release could allow an unauthenticated, remote attacker to take the TFTP and DHCP listening ports offline for a period of time. The vulnerability is due to a particular UDP traffic pattern in addition to the amount of U...
Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability
A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...
Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability
A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request. The vulnerability is due to improper input validation of an HTTP request header. An attacker could exploit...
Cisco Headend System Release Archive File Download Vulnerability
A vulnerability in Cisco Headend System Release could allow an unauthenticated, remote attacker to download temporary script files. The vulnerability is due to improper input validation of the HTTP request header. An attacker could exploit this vulnerability by manipulating the URL of an HTTP...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Posture module of the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by...
Cisco Identity Services Engine Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access information on a targeted device that is normally available only to authenticated users. The vulnerability is due to improper implementation of session handlers set...
Cisco Wireless LAN Controller TCP Denial of Service Vulnerability
A vulnerability in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a Denial of Service (DoS) condition on the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending crafted TCP...
Cisco Finesse XML Processing Denial of Service Vulnerability
A vulnerability in Cisco Finesse could allow an authenticated, remote attacker to gain access to sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper processing of XML files by an affected device. An authenticated, remote attacker could exploit th...
Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager SQL Injection Vulnerability
A vulnerability in the Cisco Unified Email Interaction Manager (EIM) and Cisco Unified Web Interaction Manager (WIM) interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...
Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability
A vulnerability in TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input submitted to and processed by an affected device. An attacker cou...
Cisco IP Phone 7861 Denial of Service Vulnerability
A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...
Cisco HCS Administrative Web Interface Arbitrary Command Execution Vulnerability
A vulnerability in the administrative web interface of Cisco Hosted Collaboration Solution (HCS) could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system. The vulnerability is due to improper user input...
Cisco Unified Communications Manager Multiple Vulnerabilities
Multiple vulnerabilities in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS), cross-site request forgery (XSRF), and phishing attacks on the affected software. The vulnerabilities are due to improper input validation of certain...
Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...
Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the Cisco Prime Central for HCS (PC4HCS) application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerabilities are due to a lack of CSRF protections by an affected device. An attacker could exploit...
Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability
A vulnerability in the Protocol Independent Multicast (PIM) application of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to disrupt the multicast traffic forwarding on the affected device via a denial-of-service (DoS) attack. The vulnerability is due to an...
Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability...
Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability
A vulnerability in Lights-Out Management (LOM) functionality of the Sourcefire 3D System could allow an authenticated, remote attacker to upload arbitrary files to the baseboard management controller (BMC) on an affected device. The vulnerability is due to insufficient validation and sanitization of...
Cisco Web Security Appliance Web Tracking Report Page Cross-Site Scripting Vulnerability
A vulnerability in the Web Tracking Report page of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper validation of user-supplied input in a...
Cisco Unified Customer Voice Portal Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to insufficient CSRF protections on an affected system. An attacker could exploit this vulnerability by persuadin...
Cisco MediaSense Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections on the Cisco MediaSense web interface. An attacker could exploit...
Cisco Email Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...