Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability
A vulnerability in the web framework of Cisco Intrusion Prevention System (IPS) Software could allow an authenticated, remote attacker to cause MainApp to hang intermittently because the authentication manager process creates a denial of service (DoS) condition. The vulnerability is due to improper...
Cisco ASA Authenticated Linux Shell Access Vulnerability
A vulnerability in the Virtual Network Management Center (VNMC) policy code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user. The vulnerability is due to insufficient...
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of...
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability
A vulnerability in the Smart Call Home (SCH) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to bypass digital certificate validation if any feature that uses digital certificates is configured on the affected system. The vulnerability exists because when SCH is...
Cisco ASA Local Path Inclusion Vulnerability
A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. The vulnerability is due to improper setting of the LD_LIBRARY_PATH environment. An attacker...
Multiple Vulnerabilities in Cisco ASA Software
2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4...
Cisco ASA Software SharePoint RAMFS Integrity and Lua Injection Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary files present on the RAMFS file system or inject Lua scripts. The vulnerability is due to insufficient validation of the code that handles session information for the SSL...
Cisco IOS XR Software Compression ACL Bypass Vulnerability
A vulnerability in the port or address range compression feature for access control lists (ACLs) on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The...
Cisco ASA Software Version Information Disclosure Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks. The vulnerability is due to verbose output returned when a specific URL ...
Cisco WebEx Meetings Server Arbitrary Download Vulnerability
A vulnerability in Cisco WebEx Meetings Server (Cisco WMS) could allow an unauthenticated, remote attacker to download arbitrary files to an affected device. The vulnerability is due to insufficient user-input validation. An attacker could exploit this vulnerability by submitting crafted URL reques...
GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages...
Cisco IOS Software Metadata Vulnerabilities
Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker coul...
Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. This vulnerability could be exploited repeatedly to cause an extended denial of service (DoS)...
Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker coul...
Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition: Cisco IOS Software mDNS Gateway Memory Leak...
Cisco IOS Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets. Cisco has released...
Cisco Unified Communications Domain Manager High CPU Utilization Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization. The vulnerability is due to improper handling of crafted TCP packets. An attacker could exploit this vulnerability by sending crafted TCP...
Cisco Nexus 1000V Cross-Site Scripting Vulnerability
A vulnerability in the VMware vCloud Director of the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this...
Cisco IOS XR Software Malformed TACACS+ Packet Denial of Service Vulnerability
A vulnerability in TACACS+ processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the TACACS+ daemon (tacacsd) on the affected device. The vulnerability is due to improper parsing of a malformed TACACS+ packet. An attacker could exploit this vulnerability by...
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...
Cisco IOS XR Software Malformed SNMPv2 Packet Denial of Service Vulnerability
A vulnerability in Simple Network Management Protocol (SNMP) version 2 (SNMPv2) processing of Cisco IOS XR could allow an authenticated, remote attacker to cause a reload of the SNMP daemon (snmpd) process on an affected device. The vulnerability is due to improper parsing of a malformed SNMPv2 packet...
Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability
A vulnerability in parsing of malformed Multiprotocol Label Switching (MPLS) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 Series Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor unit (NPU) and a line...
Cisco IOS XR Software Information Disclosure Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...
Cisco Unified Communications Manager Cross-Site Redirection Vulnerability
A vulnerability in the web framework code of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of a parameter. Cisco has confirmed the...
Cisco TelePresence System MXP Series Software Denial of Service Vulnerability
A vulnerability in Cisco TelePresence System MXP Series Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via Telnet. The vulnerability is due to a memory leak when management flows are created. An attacker...
Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...
Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...
Cisco Integrated Management Controller SSH Denial of Service Vulnerability
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafte...
Cisco Intelligent Automation for Cloud iFrame Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...
Cisco Intelligent Automation for Cloud URL Redirection Vulnerability
A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted...
Cisco Intelligent Automation for Cloud Arbitrary File Upload Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to upload arbitrary files. The vulnerability is due to insufficient input validation of a file type. An attacker could exploit this vulnerability by submitting a crafted file to an affected...
Cisco Intelligent Automation for Cloud Enumeration Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...
Cisco 1800 Series ISR ISDN Basic Rate Interface Denial of Service Vulnerability
Cisco 1800 Series Integrated Services Routers (ISR) contain a vulnerability in the hardware entropy collection module when the Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is configured and connected to a public switched network. This could allow an attacker with knowledge of t...
Cisco Transport Gateway for Smart Call Home Unauthorized Configuration Change Vulnerability
A vulnerability in the web framework code of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to make certain changes to the system. The vulnerability is due to improper implementation of authorization controls when accessing certain administrativ...
Multiple Cross-Site Scripting Vulnerabilities in Transport Gateway for Smart Call Home
A vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability
A vulnerability in the packet parsing code of Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due ...
Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to improper sanitization of user input. An exploit could allow the attacker to view the content...
Cisco Packet Data Network Gateway Denial of Service Vulnerability
A vulnerability in the Session Manager software of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause the Session Manager to crash. The issue is due to insufficient validation of received TCP packets. An attacker could exploit this issue by sending a...
Cisco NX-OS Software SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An...
Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability
A vulnerability in certain pages of the administrative web interface of Cisco Unified Communications Manager (Cisco Unified CM) and Cisco Unified IM and Presence Server (formerly Cisco Unified Presence Server) could allow an authenticated, remote attacker to perform a number of different SQL injectio...
Cisco Unified Communications Manager CTIManager Vulnerability
A vulnerability in the CTIManager module of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to execute arbitrary commands with elevated privileges. The vulnerability is due to a failure to properly validate input contained within Kerberos single...
Cisco Unified Communications Manager SIP Subsystem Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) subsystem of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a failure by the SIP subsystem to properly sanitize...
Cisco Unity Connection SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary queries on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit this vulnerabili...
Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability
A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system. The vulnerability is due to an affected web server. An attacker could exploit this...
Cisco Unified Communications Manager Concurrent Login Vulnerability
A vulnerability in the CLI restrictions setting of Cisco Unified Communications Manager could allow an authenticated, remote attacker to remain undetected as an authenticated user. The vulnerability is due to improper sanitization of authenticated users. Cisco has confirmed the vulnerability in a...
Cisco Unity Connection HTTP Intercept Vulnerability
A vulnerability in Cisco Unity Connection Server could allow an authenticated, remote attacker to elevate privileges and obtain full access to the affected system. The vulnerability is due to improper privilege escalation. An attacker may be able to exploit this vulnerability by reading files...
Cisco Nexus 9000 Series Switches Access List Bypass Vulnerability
A vulnerability in the implementation of the access list logging feature of Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to bypass the access list restriction for the logged traffic. The vulnerability is due to insufficient policy checks for the logged packets...
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...
Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability
A vulnerability in the web-based administration interface of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a...