Cisco Unified Communications Domain Manager Application Software Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to an unspecified condition within the affected software that could allow local file inclusion. An...
Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability
A vulnerability in the Image Management functionality of Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected...
Cisco Unified Communications Domain Manager Application Software Remote Code Execution Vulnerability
A vulnerability in a deprecated page in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient security restrictions imposed by the affected software that could allow...
Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability
A vulnerability in Cisco Unified Call Manager (Cisco Unified CM) could allow an authenticated, remote attacker to retrieve arbitrary files. The vulnerability is due to improper security restrictions by the affected application while handling requests for resources. An authenticated, remote attacker...
Cisco NX-OS Software DHCP Options Command Injection Vulnerability
A vulnerability in DHCP code used with PowerOn Auto Provisioning (POAP) of Cisco NX-OS could allow an unauthenticated, adjacent attacker to inject arbitrary commands into the Cisco NX-OS device. The vulnerability is due to insufficient input validation of the DHCP options returned as a result of...
Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability
A vulnerability in the web authentication feature of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by...
Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability...
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
A vulnerability in the TCP input module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of the affected device. The vulnerability is due to improper handling of certain crafted packet sequences used in establishing ...
Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Autonomic Networking...
Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE) version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to how an affected device processes...
Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software UDP CIP Denial of...
Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly process malicious ICMP version 4 (ICMPv4) messages received on ...
Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers
Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities: Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability...
Cisco Mobility Service Engine Password Information Disclosure Vulnerability
A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient security restrictions imposed by the affected software. An authenticated, remote attacker could exploit this...
Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability
A vulnerability in the DHCP process of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of crafted DHCP messages on a targeted...
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory. On March 19, 2015, the OpenSSL Project releas...
Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability
A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone. The vulnerability is due to improper authentication settings in the default configuration. An attacker could...
Cisco Videoscape Distribution Suite for Internet Streaming Denial of Service Vulnerability
A vulnerability in the DNS subsystem of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) used by Cisco services routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of specific...
Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability
A vulnerability in the administration portal page of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to the administration portal page ...
Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking (AN) messages. A...
Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability
A vulnerability in the Management Interface of the Cisco Content Services Switch 11500 could allow an unauthenticated, remote attacker to gain unauthorized access to other devices on the network. The vulnerability is due to improper handling of SSH packets. An attacker could exploit this...
Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability
A vulnerability in Cisco Virtual TelePresence Server Software could allow an authenticated, local attacker to access the shell of the underlying operating system with the privilege level of the root user. The vulnerability is due to undocumented privileged access through the serial connection,...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. The vulnerability is due to unauthenticated IPC commands which allow software installation as...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to execute arbitrary code. The vulnerability is due to a lack of input sanitization of certain IPC commands. An attacker could exploit this...
Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability
A vulnerability in the inter-process communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Hostscan module could allow an authenticated, local attacker to write and overwrite arbitrary files with elevated privileges. The vulnerability is due to insufficient path traversal...
Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability
A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...
Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability
The Cisco Intrusion Prevention System (IPS) Software has a vulnerability within the SSL/TLS subsystem utilized by the web management interface which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this...
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor
Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities: SDP Media Description Denial of Service Vulnerability; Authentication Bypass Vulnerability. Successful exploitation of the SDP Media Description Denial of...
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project released a securi...
Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack,...
Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability
A vulnerability in Cisco Secure Access Control Server (ACS) may allow an authenticated, remote attacker to render the ACS web interface unreachable and to execute arbitrary code on the server with the privileges of the web server. The vulnerability is due to a default Tomcat administration web...
Cisco IOS Software Authentication Proxy Bypass Vulnerability
A vulnerability in the Authentication Proxy feature of Cisco IOS Software could allow a remote attacker to bypass the authentication. The vulnerability is due to the incorrect processing of unsupported Authentication, Authorization, and Accounting (AAA) return codes from the AAA feature by the...
Cisco Network Analysis Module Cross-Site Scripting Vulnerability
A vulnerability in the login page of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the NAM us...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...
Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web GUI of the Cisco Application Networking Manager (ANM) and the Device Manager (DM) in the Cisco ACE 4710 Application Control Engine (ACE) Appliance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web...
Cisco Common Services Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Common Services help pages could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of some...
Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (IMC) of Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, adjacent attacker to access specific controls on the Cisco IMC on an affected device. The vulnerability is due to insufficient input validation...
Cisco AsyncOS Software HTTP Redirect Vulnerability
A vulnerability in the web framework of Cisco AsyncOS could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a malicious website. The vulnerability is due to insufficient validation of user input before it is used as an HTTP head...
Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability
A vulnerability in the image upgrade facility of Cisco Collaboration Desk Experience (DX) Series endpoints could allow an authenticated, local attacker to execute commands in the context of the underlying operating system. The vulnerability is due to insufficient sanitization of input during the...
Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability
A vulnerability in the SSL/TLS subsystem used by the web management interface of Cisco Intrusion Prevention System (IPS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a potential race condition while regenerating the...
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The...
Cisco Web Security Appliance HTTP Proxy Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the Administrator report page of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco Hosted Collaboration Solution Unauthorized System Access Vulnerability
A vulnerability in the Simple Object Access Protocol (SOAP) Interface of the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system. An attacker could exploit the vulnerability by transmitting crafted Challenge SOAP...
Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability
A vulnerability in the application programming interface (API) that supports the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access the contents of arbitrary files on an affected device. The vulnerability is due to a failur...
Cisco Wireless LAN Controller Denial of Service Vulnerability
A vulnerability in the wireless intrusion detection (WIDS) feature of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to force the WLC to become unresponsive. For a Cisco WLC with a default configuration, the attacker could exploit this vulnerability by sending...
Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability
A vulnerability in the Cisco TelePresence multipoint control unit (MCU) could allow an unauthenticated, remote attacker to trigger a reload of an affected system. The vulnerability is due to insufficient sanitization of TCP packets. An attacker could exploit this vulnerability by sending a sequence...
Cisco ASR 5000 System Architecture Evolution Gateway High CPU Utilization Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause high CPU utilization and the SNMP process may stop responding. The vulnerability is due to insufficient validati...
Cisco TelePresence Management Suite XML Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper handling of XML external entities. An attacker could exploit this...
Cisco ASA Challenge-Response Tunnel Group Selection Bypass Vulnerability
A vulnerability in the authentication code of Cisco ASA Software could allow an authenticated, remote attacker to access resources of a VPN tunnel group. The vulnerability is due to improper implementation of the tunnel group selection when a user authenticates to the remote access VPN via the...