Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This...

Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secur...

Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow a remote attacker to execute arbitrary commands on the underlying operating system of an affected device or cause a denial of service DoS condition. For more...

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition to the AnyConnect VPN service on an affected device. For more information...

Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities

Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these...

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability

A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...

Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities

Multiple vulnerabilities in the logging functions of Cisco Nexus Dashboard Fabric Controller NDFC, Cisco Nexus Dashboard Insights, and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. For more information about these...

Cisco IOS Software on Cisco Industrial Ethernet Series Switches Access Control List Bypass Vulnerability

A vulnerability in the access control list ACL programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs o...

Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper management of resources during fragment...

Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An...

Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...

Cisco Catalyst Center Static SSH Host Key Vulnerability

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access SD-Access fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service DoS condition that requires a manual...

Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense UTD component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists...

Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...

Cisco IOS XE Software Protocol Independent Multicast Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast PIM feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An...

Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...

Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability

A vulnerability in the Central Web Authentication CWA feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list ACL, which could allow access to network resources before user authentication. Thi...

Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability

A vulnerability in the Resource Reservation Protocol RSVP feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to a buff...

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based...

Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

Cisco Routed Passive Optical Network Controller Vulnerabilities

Multiple vulnerabilities in Cisco Routed Passive Optical Network PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the...

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...

Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability

A vulnerability in the multicast traceroute version 2 Mtrace2 feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An...

Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System IS-IS protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient...

Cisco IOS XR Software CLI Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service DoS condition. This...

Cisco IOS XR Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the...

Cisco Identity Services Engine Command Injection Vulnerability

A vulnerability in specific CLI commands in Cisco Identity Services Engine ISE could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid...

Cisco Expressway Edge Improper Authorization Vulnerability

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

Cisco Smart Licensing Utility Vulnerabilities

Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running. Cisco has released software updates that address these...

Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...

Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability

A vulnerability in Cisco Meraki Systems Manager SM Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this...

Cisco NX-OS Software Python Sandbox Escape Vulnerabilities

Multiple vulnerabilities in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. These vulnerabilities are due to insufficient...

Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service QoS policies, on an affected system. This...

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could...

Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code with root privileges or elevate privileges to network-admin on an affected device. For more information about these vulnerabilities, see...

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An...

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...

Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service DoS condition. For...

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. For more information about these vulnerabilities, see the Details "detail...