Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability
A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Cisco Access Control Server File Inclusion Vulnerability
A vulnerability in Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...
Cisco IOS Voice Gateway Malformed ISDN Q931 Message Denial of Service Vulnerability
A vulnerability in the Integrated Services Digital Network (ISDN) processing code of Cisco IOS could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed ISDN Q931 SETUP messages. An attacker could exploit...
Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
A vulnerability within the administrative interface of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to an affected device. An unauthenticate...
Cisco Access Control Server Cross-Site Scripting Vulnerability
A vulnerability in Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability b...
Cisco Wireless LAN Controller Web Administration Interface Authenticated Remote Denial of Service Vulnerability
A vulnerability in the web administration interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of certain parameters submitted as part of form...
Cisco Security Manager Cross-Site Scripting Vulnerability
A vulnerability in the HTTP module of the Cisco Security Manager (CSM) could allow an unauthenticated, remote attacker to conduct reflective cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to the vulnerable CSM web interface. An...
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Cisco TelePresence TC and TE Software contains the following vulnerabilities: Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability; Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability. Successful exploitation of the Cisco TelePresence TC and TE...
Command Injection Vulnerability in Multiple Cisco TelePresence Products
A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Headend Digital Broadband Delivery System Cross-Site Scripting Vulnerability
A vulnerability in the web-based administration interface of the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected device. The vulnerability is due to improper input validation of certain...
Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability
A vulnerability in the local read file of the Cisco Unified Communications Manager could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user if the attacker has already obtained sensitive information from the system. The vulnerability ...
Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability
A vulnerability in the wireless web authentication subsystem of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exists due to improper input sanitization of a certain value that is supplied by a user...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection attacks. The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability b...
Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability
A vulnerability in the CUCReports page of Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the CUCReports web interface. The vulnerability is due to insufficient CSRF protections on the Cisco Unity Connection web...
Cisco Finesse Server Cross-Site Scripting Vulnerability
A vulnerability in Cisco Finesse Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remote...
Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability
A vulnerability in HTTP packet processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the session manager service on the affected device. The vulnerability is due to improper processing of malformed HTTP packets. An...
Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability
A vulnerability in proxy mobile (PM) IPv6 processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the hamgr service on the affected device. The vulnerability is due to improper processing of malformed IPv6 PM packets. An...
Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability
A vulnerability in the Overlay Transport Virtualization (OTV) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper processing of oversized OTV frames passing through an affected...
Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability
A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of crafted RADIUS packets by a device running the affected software. An authenticated, remote...
Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability
A vulnerability in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Address...
Cisco FireSIGHT Management Center Web Framework Stored Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...
Cisco Unified MeetingPlace Server Multiple State Changing URL API Functionalities Cross-Site Request Forgery Vulnerability
A vulnerability in multiple-state-changing URL application programming interface (API) functionalities within the Cisco Unified MeetingPlace Server could allow an unauthenticated, remote attacker to perform cross-site request forgery (CSRF) attacks. The vulnerability is due to insufficient CSRF...
Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability
A vulnerability in the SOAP application programming interface (API) endpoints of the web services directory of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections in...
Cisco Unified MeetingPlace Custom Prompts languageShortName Parameter Arbitrary Code Execution Vulnerability
A vulnerability in the languageShortName parameter of the Custom Prompts upload feature of Cisco Unified MeetingPlace could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient validation of input parameters by an affected system. An attacker...
Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability
A vulnerability in the administrative web interface of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of user-supplied input by the affected...
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to the improper generation and validation of the CSRF toke...
Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability
A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privilege...
Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in filter search forms of certain admin webpages of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation by an affected device. An unauthenticated...
Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...
Multiple Cisco TelePresence Products Cross-Site Scripting Vulnerability
A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper input validation of...
Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability
A vulnerability in the status-checking process of remote access tunnels for supporting Cisco Web Security Appliances (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on the affected system. The vulnerability is due to improper usage and handling of the pickle Pyth...
Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability
A vulnerability in the status checking process of support remote access tunnels in the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on a targeted system. The vulnerability is due to improper use and handling of the pickle Python...
Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability
A vulnerability in the Object-ACL matching process of Cisco Aggregation Services Router 9000 (ASR9K) could allow an unauthenticated, remote attacker to bypass the protection offered by a configured access control list (ACL) on an affected device. The vulnerability is due to ASR9K incorrectly handling...
Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
A vulnerability in the Network Time Protocol (NTP) daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system. The vulnerability is due to incorrect validation of the message authentication code (MAC) field. An attacker could exploit thi...
Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability
A vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper processing of Network Time Protocol (NTP) packets when handling symmetric key authentication failures. An attacker could...
Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA Failover Command Injection Vulnerability; Cisco ASA DNS Memory Exhaustion Vulnerability; Cisco ASA VPN XML Parser Denial of Service Vulnerability. Successful exploitation of the Cisco ASA Failover...
Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability
A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause a reload of the affected system. Cisco has released software updates that address this vulnerability. The resolution...
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service (DoS) condition. On April 7, 2015, NTP.org...
Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability
A vulnerability in the HTML help system of Cisco Wireless LAN Controller (WLC) devices could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. An unauthenticated, remote attacker who can convince a user of an affected system to follow a malicious link or visit an...
Cisco ASR1000 Series Routers ESP Module Denial of Service Vulnerability
A vulnerability in the Embedded Services Processor (ESP) module of Cisco ASR 1000 Series Routers running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of malformed H.323 packets by an...
Cisco Nexus 9000 Series Denial of Service Vulnerability
A vulnerability in the SNMP subsystem of Cisco Nexus 9000 software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs when the High Availability (HA) policy is set to Reset in the affected software. An authenticated, remote attacker...
Cisco Catalyst 4500 SNMP Polling Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Catalyst 4500 devices running Cisco IOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an unspecified condition that exists during SNMP...
Cisco Identity Services Engine Portal Privilege Elevation Vulnerability
A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access guest accounts created from another sponsor account. The vulnerability is due to a failure to restrict guest accounts across sponsors. An attacker could exploit this...
Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability
Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released software updates that address this vulnerability. Workarounds...
Multiple Vulnerabilities in Cisco Unity Connection
Cisco Unity Connection contains multiple vulnerabilities when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP...
Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability
A vulnerability in Cisco ASR 1000 Series software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of route adjacencies. An attacker could exploit this vulnerability by sending malicious IP packets to an...