Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The issue is due to insufficient input validation of parameters by the web...
Cisco Unified Presence Server Sync Agent Vulnerability
A vulnerability in the Intercluster Sync Agent Service on Cisco Unified Presence Server could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. The vulnerability is due to a SYN flood. An attacker could exploit this vulnerability by exceeding the tcp max...
Cisco WebEx Meetings Server OutlookAction Class Vulnerability
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL...
Cisco WebEx Meetings Server Web Framework Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could exploit this vulnerability by viewing applicatio...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...
Cisco WebEx Meetings Server Authenticated Encryption Vulnerability
A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to an invalid token timer. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable...
Cisco WebEx Meetings Server Stack Trace Vulnerability
A vulnerability in the ProfileAction controller of Cisco WebEx Meetings Server (CWMS) could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of returned messages. An attacker could exploit this vulnerability by submitting...
Cisco TelePresence Management Interface Vulnerability
The Cisco TelePresence administrative web interface login page contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Security Manager SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Security Manager could allow an authenticated, remote attacker to execute arbitrary queries on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit this vulnerabili...
Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability
A vulnerability in NetFlow processing in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. The vulnerability is due to...
Cisco Unified Communications Domain Manager Admin HTTP Redirect Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Application Software could allow an unauthenticated, remote attacker to redirect a user to a possible malicious website. The vulnerability is due to insufficient validation of user input when...
Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...
Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability
A vulnerability in parsing crafted Multiprotocol Label Switching (MPLS) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor chip and a line card processing...
Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability
A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...
Cisco Adaptive Security Appliance Software Filter and Inspect Overlap Denial of Service Vulnerability
A vulnerability in the inspection and filter features of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the affected system to reload. The vulnerability is due to an internal traffic loop condition that can be triggered when a received packet is...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in the Java database interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input...
Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability
A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to download files from arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could...
Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability
A vulnerability in the Multiple Analyzer of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An...
Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability
A vulnerability in the Dialed Number Analyzer (DNA) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface. The vulnerability is due to insufficient input validation of a parameter in t...
Cisco WebEx Meetings Client Arbitrary File Download Vulnerability
A vulnerability in the File Transfer functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to access arbitrary files on another user's computer also running the Cisco WebEx Meetings client. The vulnerability exists because the affected software does not...
Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability
A vulnerability in the file sharing functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to trigger a heap-based buffer overflow in the Cisco WebEx Meetings client running on another user's computer. The vulnerability exists because the affected softwar...
Cisco Unified Communications Manager DNA Path Traversal Vulnerability
A vulnerability in the /dna/viewfilecontents.do URL of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to view files from specific locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker...
Cisco Unified Communications Manager DNA Path Traversal Vulnerability
A vulnerability in the Multiple Analyzer of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to delete files from arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could...
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. The vulnerability is due to insufficient sanitization on user-supplied...
Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability
A vulnerability in the web user interface of the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco Small Business SPA300 and SPA500 Series IP Phones Local Code Execution Vulnerability
A vulnerability in the Cisco Small Business SPA300 and SPA500 Series IP Phones could allow an unauthenticated, local attacker to access the debug shell and file system of the affected device. The vulnerability is due to insufficient authentication implementation in the debug console interface. An...
Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability
A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time. The...
Cisco IOS XR Software Punt Policer Denial of Service Vulnerability
A vulnerability in the implementation of the punt policer on Trident line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to overload the CPU on the Trident line card or route processor (RP) and eventually cause a denial of service (DoS)...
Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability
A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...
Cisco Intelligent Automation for Cloud MyServices Vulnerabilities
A vulnerability in the MyServices action of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing...
Cisco Small Cell Command Execution Vulnerability
A vulnerability in the DHCP client implementation of Cisco Small Cell products could allow an unauthenticated, adjacent attacker to execute commands and possibly take full control of the affected device. The vulnerability is due to improper parsing of crafted DHCP messages. An attacker could...
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
Cisco Unified Communications Domain Manager (Cisco Unified CDM) is affected by the following vulnerabilities: Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability; Cisco Unified Communications Domain Manager Default SSH Key Vulnerability; Cisco Unified Communications Domain...
Cisco IOS Software IPsec Denial of Service Vulnerability
A vulnerability in IPsec processing of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
Cisco Adaptive Security Appliance Software WebVPN Information Disclosure Vulnerability
A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to view sensitive information from the affected system. The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this...
Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability
A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS. The vulnerability is due to unconstrained autonomic networking...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in Cisco WebEx Meeting Server could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing application URL requests that contain the...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in BulkViewFileContentsAction.java of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper filename parameters. An attacker could exploit this vulnerability by...
Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability
A vulnerability in Hot Standby Router Protocol (HSRP) authentication in the Cisco Nexus series could allow an unauthenticated, adjacent attacker to affect the state of HSRP group members and cause black holing of traffic. The vulnerability is due to incorrect parsing of malformed HSRP packets. An...
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card...
Cisco Unified Communications Manager Real-Time Monitoring Tool Multiple Vulnerabilities
A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager could allow an authenticated, remote attacker to download or delete files from arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit...
Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol subsystem of Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly check for certain NULL values present in a Cisco Discovery...
Cisco AsyncOS Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSS...
Cisco Wide Area Application Services Partial Denial of Service Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler. The vulnerability is due to incorrect parsing of SharePoint...
Cisco IOS XE Software PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to improper processing of certain...
Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability
A vulnerability in Cisco Tidal Enterprise Scheduler Agent could allow an authenticated, local attacker to execute arbitrary commands on the affected system with the privileges of the root user. The vulnerability is due to insufficient validation of the Tidal Job Buffers (TJB) parameters when the...
Cisco Identity Services Engine Blind SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to cause the affected system to stop processing Remote Authentication Dial-In User Service (RADIUS) packets. The vulnerability is due to improper implementation of deadlock code when the system...