Cisco Adaptive Security Appliance WebVPN Embedded Web Server Denial of Service Vulnerability
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to force the ASA to stop accepting new SSL connections. The vulnerability is due to a memory leak in the WebVPN embedded web server. An attacker could exploit this...
Cisco TelePresence IX5000 Series Web Management Vulnerability
A vulnerability in the administrative web management portal of Cisco TelePresence IX5000 Series devices could allow an authenticated, remote attacker to gain unauthorized access to certain pages in the web interface. The vulnerability is due to a failure to properly restrict access given to the...
Cisco IOS Software Access Control List Bypass Vulnerability
A vulnerability in Cisco IOS Software access control lists (ACLs) that use object groups could occasionally allow an unauthenticated, remote attacker to bypass the ACL. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding switching while evaluating ACL...
Cisco Prime Security Manager Cross-Site Scripting Vulnerability
A vulnerability in multiple web interface pages of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to execute cross-site scripting (XSS) attacks or hijack user sessions. The vulnerability is due to a failure to properly validate user-supplied input in the Dashboard and...
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user ...
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
A vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...
Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
A vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one...
Cisco IOS Software Kernel Timer Vulnerability
A vulnerability in the kernel timers in Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to improper management of kernel timers. An attacker could exploit this vulnerability by sending crafted traffic, causing...
Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client and Cisco Host Scan could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the client when AnyConnect is launched through the web interface. The vulnerability is due to insufficien...
Cisco IOS Shell Denial of Service Vulnerability
A vulnerability in the Cisco IOS Shell could allow an authenticated, but unprivileged, local user to crash the device. The vulnerability is due to improper processing of IOS Shell commands. An attacker could repeatedly exploit this vulnerability to cause an extended denial of service. Cisco has...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the INSERT page of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco PI web interface. The vulnerability is due to insufficient CSRF protections on the Cisco PI web interface. An...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several paramete...
Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability
A vulnerability in the WebVPN functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to cause an affected device to crash. The vulnerability is due to a fault in the Proxy Bypass Content Rewriter implementation. An attacker could exploit this...
Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability
A vulnerability in the uuencode inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass engine protection and deliver a malicious file as an email attachment. The vulnerability is due to improper implementation of the log...
Cisco Unified IP Phone 9900 Series Insecure Device Permissions Vulnerability
A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a complete denial of service (DoS) on an affected device. The vulnerability is due to insecure file permissions on some devices. An attacker could exploit this vulnerability by writing to...
Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to upload arbitrary files to the phone. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafte...
Cisco Unified IP Phone 9900 Series Denial of Service Vulnerability
A vulnerability in the Cisco Unified IP Phone 9900 Series could allow an authenticated, local attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
Cisco Unified IP Phone 9900 Series Mobility Extension Availability Vulnerability
A vulnerability in the mobility extension support of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to log off the mobility extension user. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...
Cisco Unified IP Phone 9900 Series Data Disclosure Vulnerability
A vulnerability in the mobility extension feature of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to obtain sensitive information. The vulnerability is due to insufficient protections of information in transit. An attacker could exploit this vulnerability by...
Cisco WebEx Meetings Server Command Injection Vulnerability
A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system. The vulnerability is due to improper user input validation. An...
Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe...
Cisco NX-OS Software TACACS+ Command Authorization Vulnerability
A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. The vulnerability is due to incorrect processing of very long command-line interface (CLI) commands by the TACACS+ command authorization...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by submitting...
Cisco Unified Communications Domain Manager Administrative Interface Denial of Service Vulnerability
A vulnerability in Cisco Unified Communication Domain Manager (UCDM) Application Software version 10 could allow an unauthenticated, remote attacker to cause the web server to become unresponsive. As a result, connections to the Cisco UCDM GUI will not be possible during the attack. The vulnerabili...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified Communication Domain Manager version 10 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. ...
Cisco WebEx Meetings Server XMLAPI Vulnerability
A vulnerability in the XML application programming interface (API) of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of return messages. An attacker could exploit this vulnerability by...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of...
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain...
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation on several web...
Cisco 2900 Series Integrated Services Router Network-Based Application Recognition Denial of Service Vulnerability
A vulnerability in the Network-Based Application Recognition (NBAR) protocol process of the Cisco 2900 Series Integrated Services Router could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs when the NBAR process locks. An attacker coul...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in the file URI scheme of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit the vulnerability by viewing application URL...
Cisco WebEx Meetings Server Unauthorized Invite List Vulnerability
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings. The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this...
Cisco Unified Communications Domain Manager Platform High CPU Utilization Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization, which may affect the performance of the system and make some services unavailable. The vulnerability is due to insufficient implementatio...
Cisco Hosted WebEx Meeting Center Configuration Manipulation Vulnerability
A vulnerability in the Cisco Hosted WebEx Meeting Center service could allow an unauthenticated, remote attacker to enable meeting features that were explicitly disabled by the meeting organizer or site administrator. The vulnerability is due to improper checking of certain meeting parameters whe...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user o...
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access. The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sendin...
Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
A vulnerability in the sendPwMail.do page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to improper sanitization of the email...
Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities
A vulnerability in the web framework of Cisco Secure Access Control Server (ACS) could allow an unauthenticated, remote attacker to perform multiple cross-site scripting (XSS) attacks against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation...
Cisco Secure Access Control Server Privilege Escalation Vulnerability
A vulnerability in role-based access control in Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to take actions with an elevated authorization level. The vulnerability is due to improper privilege validation. An attacker could exploit the vulnerability by...
Cisco WebEx Meetings Server Password Encryption Vulnerability
A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these...
Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability
A vulnerability in Cisco AnyConnect for Android and Mac OS X could allow an unauthenticated, remote attacker to force the rendering of an authentication form in the client. The vulnerability is due to insufficient validation of the type of host to which AnyConnect establishes a connection. An...
Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability
A vulnerability in the SIP code of Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway could allow an unauthenticated, remote attacker to cause high memory consumption and CPU utilization, which could cause some services to become unavailable and degrade performance. The...
Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this...
Cisco Adaptive Security Appliance DHCPv6 Relay Denial of Service Vulnerability
A vulnerability in the DHCP relay function of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device. The vulnerability is due to insufficient validation of crafted DHCP packets. Cisco ASA Software is affected by th...
Cisco MDS 9000 Series Denial of Service Vulnerability
A vulnerability in the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco AsyncOS ISQ XSS Vulnerability
A vulnerability in the web framework of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several parameters in the...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to guess valid user accounts on the targeted system. The vulnerability exists because the affected software fails to refresh the CAPTCHA on the login page. An attacker could exploit this vulnerability b...