OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of an RSA temporary key. An attacker with a privileged network position could exploit the vulnerability by returning a weak temporary RSA key t...
Cisco Secure Access Control Server Open Redirect Vulnerability
A vulnerability in the web interface of Cisco Secure Access Control Server (ACS) could allow an unauthenticated, remote attacker to conduct a web page open redirection attack against a user's browser. The vulnerability is due to insufficient input validation of a specific parameter. An attacker cou...
Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Cisco Jabber Guest Server HTML5 Response Disclosure
A vulnerability in Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to disclose sensitive information on the targeted system. The vulnerability is due to missing encryption on sensitive data passed via HTTP GET or POST methods by the affected software. An attacker could...
Cisco Jabber Guest Server HTML5 Information Disclosure Vulnerability
A vulnerability in the underlying application programming interface (API) of the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to access sensitive system information from the affected system. The vulnerability is due to insufficient validation of specific values passed v...
Cisco Unified Communications Domain Manager XSS Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Domain Manager application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface on an affected system. The vulnerability is due to imprope...
Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability
A vulnerability in the periodic backup functionality of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to discover the password used to encrypt the backup on the system. The vulnerability is due to improper processing of certain client requests by the affected...
Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability
A vulnerability in Subject header length processing on Cisco IronPort Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform. The vulnerability occurs because the appliance does not limit the length o...
Cisco Adaptive Security Appliance Software Information Leak in Syslog Messages Vulnerability
A vulnerability in the syslog management subsystem of devices running Cisco Adaptive Security Appliance (ASA) Software may allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper sanitization of syslog messages. An attacker could exploit this...
Cisco Meraki Local Management Interface Firmware Installation Vulnerability
A vulnerability in the local management interface of devices running Cisco Meraki firmware could allow an authenticated, remote attacker on an adjacent network to access a deprecated HTTP handler to install firmware. An authenticated, remote attacker could exploit this vulnerability by...
Cisco Meraki HTTP Handler Local Information Disclosure Vulnerability
A vulnerability in an HTTP handler in Cisco Meraki firmware occurs because the handler does not require requests to come only from the Meraki cloud. This vulnerability could allow a LAN-based attacker to obtain sensitive credential information. An unauthenticated, remote attacker on an adjacent...
Cisco Prime Infrastructure Device Discovery Password Disclosure Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view the passwords stored for device discovery. The vulnerability occurs because the Quick Discovery options page contains the stored password in the HTML page source. An attacker...
Cisco Enterprise Content Delivery System Web Directory Traversal and Arbitrary File Access Vulnerability
A vulnerability in Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on a targeted system. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could...
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and...
Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal
Cisco Adaptive Security Appliance (ASA) devices configured for WebVPN contain a DOM-based cross-site scripting vulnerability (XSS) within the Portal Login page. An unauthenticated, remote attacker who can convince a user to take a malicious action could perform an XSS attack on the user. The...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...
Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability
An issue in Disaster Recovery (DRA) mode of the Cisco ISB8320-E High-Definition IP-Only DVR could allow an unauthenticated, remote attacker to access the device via telnet without authentication for the duration of the recovery boot. The issue is due to the disaster recovery process. An attacker...
Cisco Prime Security Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several...
Cisco Unified Communications Domain Manager Blind Command Injection Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software version 8 could allow an authenticated, remote attacker to inject commands that can be executed by the underlying operating system with the privileges of the web server process. The...
SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
A vulnerability in certain implementations of the TLSv1 protocol could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper block cipher padding implemented in TLSv1 when using Cipher Block Chaining (CBC) mode. An attacker could exploit the...
Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...
Cisco Unified Computing System Manager Information Disclosure Vulnerability
A vulnerability in the system logs of the Cisco Unified Computing System Manager could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to the inclusion of sensitive information in certain log files. An attacker could exploit this...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...
Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability
A vulnerability in the SSL VPN feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory, which could lead to system instability and availability issues on the SSL VPN services. The vulnerability is due to improper implementation of...
Cisco IOS XR Software lighttpd TCP Session Vulnerability
A vulnerability in the lighttpd module of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the affected lighttpd process. The vulnerability is due to a race condition while handling TCP sessions to the lighttpd module on the affected Cisco IOS XR device. An attack...
Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this...
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco IOS Software DLSw Information Disclosure Vulnerability
A vulnerability in the DLSw feature of Cisco IOS could allow an unauthenticated, remote attacker to extract information from previously processed packets. The vulnerability is due to the lack of initialization of packet buffers. An attacker could exploit this vulnerability by connecting to the DL...
Cisco Aironet DHCP Denial of Service Vulnerability
A vulnerability in the DHCP subsystem of Cisco Aironet access points could allow an unauthenticated, adjacent attacker to create a denial of service condition. The vulnerability is due to an error condition that may occur when very short DHCP leases are in use. If an attacker can prevent the acce...
Cisco Aironet EAP Debugging Denial of Service Vulnerability
A vulnerability in the debugging features of Cisco IOS running on Cisco Aironet access points could allow an unauthenticated, adjacent attacker to create a denial of service condition. The vulnerability is due to a failure to properly process a certain debugging message that may occur when the...
Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device. The vulnerability is due to...
Cisco IOS XE Software Challenge/Response Bypass Vulnerability
A vulnerability in the request system shell command supported by specific Cisco IOS XE platforms (WS-C3850, WS-C3650, AIR-CT5760, and WS-C4500X) could allow an authenticated, local attacker with administrative privilege 15 to access the underlying Linux root shell. The vulnerability is due to...
Cisco Unity Connection Information Disclosure Vulnerability
A vulnerability in the Unified Messaging Service (UMS) of Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to the inclusion of sensitive information in the logs. An attacker could exploit this vulnerability by viewing th...
Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability
A vulnerability in the administrative web interface of the Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to perform a cross-site...
Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: Cisco RV Series Routers Command Injection Vulnerability; Cisco RV Series Routers HT...
Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability
The CCM Service interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerabilit...
Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability
The CCM admin interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability ...
Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability
The CCM Dialed Number Analyzer interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. T...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input...
Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability
The CCM reports interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerabilit...
Cisco ASR901 Crafted IPv4 Packet Denial of Service Vulnerability
A vulnerability in Internet Protocol version 4 (IPv4) packet processing of the Cisco ASR901 could allow an unauthenticated, remote attacker to flood packets to the ASR901 CPU. The vulnerability is due to punting crafted IPv4 packets to the CPU for processing. An attacker could exploit this...
Cisco Prime Optical Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Prime Optical could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of a parameter. An attacker could exploit this vulnerability by persuading a...
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer...
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software include the following vulnerabilities: Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability; Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service...
Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system. Cisco has released software updates that address this...
Cisco Intrusion Prevention System IP Logging Denial of Service Vulnerability
A vulnerability in the IP logging feature of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition when writing the IP logging file. An attacker could exploit this...
Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability
A vulnerability in the ZIP inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the engine protection and deliver malicious ZIP files. The vulnerability is due to improper implementation of the logic for analyzing the...
Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability
A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP). The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networki...
Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Validation Vulnerability
A vulnerability in certificate validation for Autonomic Networking Infrastructure (ANI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to masquerade as another device. The vulnerability is due to incomplete certificate validation. An attacker could exploit this vulnerabili...
Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Chain Validation Vulnerability
A vulnerability in certificate validation for Autonomic Network Infrastructure (ANI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to provide an invalid message and have the ANI device accept it. The vulnerability is due to incomplete certificate validation. An attacker...