5224 matches found

Cisco • added 2014/06/05 10:40 p.m. • 67 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSS...

CVSS 10 • AI score 7.8 • Exploits 0 • References 1

Cisco • added 2014/05/28 6:8 p.m. • 31 views

Cisco Wide Area Application Services Partial Denial of Service Vulnerability

A vulnerability in Cisco Wide Area Application Services (WAAS) software, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to cause a reload of the application optimization handler. The vulnerability is due to incorrect parsing of SharePoint...

CVSS 5 • AI score 6.2 • EPSS 0.0297 • Exploits 0 • References 1

Cisco • added 2014/05/27 3:24 p.m. • 30 views

Cisco IOS XE Software PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to improper processing of certain...

CVSS 6.1 • AI score 6.3 • EPSS 0.01207 • Exploits 0 • References 1

Cisco • added 2014/05/22 4:7 p.m. • 21 views

Cisco Tidal Enterprise Scheduler Agent Privilege Escalation Vulnerability

A vulnerability in Cisco Tidal Enterprise Scheduler Agent could allow an authenticated, local attacker to execute arbitrary commands on the affected system with the privileges of the root user. The vulnerability is due to insufficient validation of the Tidal Job Buffers (TJB) parameters when the...

CVSS 6 • AI score 7.7 • EPSS 0.00313 • Exploits 0 • References 1

Cisco • added 2014/05/22 3:54 p.m. • 23 views

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

CVSS 6.5 • AI score 7.1 • EPSS 0.01558 • Exploits 0 • References 1

Cisco • added 2014/05/22 3:44 p.m. • 28 views

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to cause the affected system to stop processing Remote Authentication Dial-In User Service (RADIUS) packets. The vulnerability is due to improper implementation of deadlock code when the system...

CVSS 4 • AI score 6.5 • EPSS 0.0219 • Exploits 0 • References 1

Cisco • added 2014/05/22 3:1 p.m. • 15 views

Cisco Security Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this...

CVSS 4.3 • AI score 5.6 • EPSS 0.01161 • Exploits 0 • References 1

Cisco • added 2014/05/22 2:24 p.m. • 23 views

Cisco TelePresence System Directory Information Disclosure Vulnerability

A vulnerability in the code retrieving directory information of Cisco TelePresence System (CTS) could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager (Cisco UCM). The vulnerability is d...

CVSS 4.3 • AI score 6.3 • EPSS 0.01129 • Exploits 0 • References 1

Cisco • added 2014/05/21 8:7 p.m. • 17 views

Cisco Security Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...

CVSS 4.3 • AI score 6.5 • EPSS 0.01214 • Exploits 0 • References 1

Cisco • added 2014/05/21 4:0 p.m. • 21 views

Cisco Wide Area Application Services Remote Code Execution Vulnerability

A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due ...

CVSS 9.3 • AI score 7.8 • EPSS 0.02427 • Exploits 0 • References 1

Cisco • added 2014/05/21 4:0 p.m. • 33 views

Multiple Vulnerabilities in Cisco NX-OS-Based Products

Cisco Nexus, Cisco Unified Computing System (UCS), and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by one or more of the following vulnerabilities: Cisco NX-OS Virtual Device Context SSH Privilege Escalation Vulnerabili...

CVSS 7.6 • AI score 6.2 • Exploits 0 • References 1

Cisco • added 2014/05/20 3:7 p.m. • 26 views

Cisco IOS XR Software DHCP Version 6 Process Hang Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a hang condition of the DHCPv6 server process that could cause the software to stop processing DHCPv6 requests. The vulnerability is due to incorrect handling of...

CVSS 5 • AI score 6.3 • EPSS 0.0199 • Exploits 0 • References 1

Cisco • added 2014/05/20 3:4 p.m. • 21 views

Cisco IOS XR Software DHCP Version 6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...

CVSS 5 • AI score 6.4 • EPSS 0.01973 • Exploits 0 • References 1

Cisco • added 2014/05/20 2:44 p.m. • 49 views

Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability

A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...

CVSS 4.3 • AI score 6.6 • EPSS 0.00958 • Exploits 0 • References 1

Cisco • added 2014/05/20 2:38 p.m. • 22 views

Cisco IOS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in Link Layer Discovery Protocol (LLDP) in Cisco switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to incorrect handling of malformed LLDP packets. An attacker could exploit this vulnerability by sending a...

CVSS 6.1 • AI score 6.3 • EPSS 0.00766 • Exploits 0 • References 1

Cisco • added 2014/05/19 7:17 p.m. • 20 views

Cisco Security Manager AUS Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of a parameter, which affects the Auto Update...

CVSS 4.3 • AI score 5.6 • EPSS 0.01372 • Exploits 0 • References 1

Cisco • added 2014/05/19 7:6 p.m. • 37 views

Cisco IOS XE Software SNMP Denial of Service Vulnerability

A vulnerability in the SNMP module of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to frequent polling of certain MIBs on an affected device. An attacker could exploit this vulnerability by sending continuou...

CVSS 6.8 • AI score 6.3 • EPSS 0.01498 • Exploits 0 • References 1

Cisco • added 2014/05/19 6:54 p.m. • 23 views

Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the Cisco Unified Web and E-mail Interaction Manager web interface. The vulnerability is due to insufficient input...

CVSS 4.3 • AI score 5.6 • EPSS 0.01148 • Exploits 0 • References 1

Cisco • added 2014/05/19 6:50 p.m. • 30 views

Cisco Unified Web and E-mail Interaction Manager XML External Entities Vulnerability

A vulnerability in the /system/egain/chat/entrypoint script of Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to inject malicious XML entities. The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability b...

CVSS 4.3 • AI score 6.5 • EPSS 0.01249 • Exploits 0 • References 1

Cisco • added 2014/05/19 5:5 p.m. • 35 views

Cisco Adaptive Security Appliance Software Crafter RADIUS Packets Denial of Service Vulnerability

A vulnerability in the implementation of the Remote Authentication Dial-in User Services (RADIUS) code of Cisco ASA Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to insufficient validation of RADIUS packets including crafted...

CVSS 6.3 • AI score 6.5 • EPSS 0.01178 • Exploits 0 • References 1

Cisco • added 2014/05/19 4:56 p.m. • 43 views

Cisco IOS Software RTCP Input Queue Vulnerability

A vulnerability in handling Real-Time Control Protocol (RTCP) traffic in Cisco Unified Border Element (CUBE) could allow an unauthenticated, remote attacker to cause traffic that is destined to an affected device and traffic that needs to be processed switched to fail. The vulnerability is due to...

CVSS 5 • AI score 6.4 • EPSS 0.01218 • Exploits 0 • References 1

Cisco • added 2014/05/14 8:9 p.m. • 28 views

Cisco IOS Software ScanSafe Vulnerability

A vulnerability in the content scanning module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability occurs when processing HTTPS packets that need to be redirected to a ScanSafe tower. An attacker could exploit this...

CVSS 5.4 • AI score 6.3 • EPSS 0.01825 • Exploits 0 • References 1

Cisco • added 2014/05/14 7:29 p.m. • 22 views

Cisco IOS Software and IOS XE Software LISP Denial of Service Vulnerability

A vulnerability in Locator/ID Separation Protocol (LISP) control message processing in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a vulnerable device to disable Cisco Express Forwarding and eventually drop traffic passing through. The...

CVSS 4.3 • AI score 6.4 • EPSS 0.0155 • Exploits 0 • References 1

Cisco • added 2014/05/07 7:42 p.m. • 20 views

Cisco Broadcast Access Center for Telco and Wireless Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco BAC-TW web interface. The vulnerability is due to insufficient input...

CVSS 4.3 • AI score 5.7 • EPSS 0.01351 • Exploits 0 • References 1

Cisco • added 2014/05/07 7:19 p.m. • 35 views

Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...

CVSS 4.3 • AI score 6.5 • EPSS 0.00818 • Exploits 0 • References 1

Cisco • added 2014/05/07 4:0 p.m. • 25 views

Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute...

CVSS 9.3 • AI score 7.7 • EPSS 0.03831 • Exploits 0 • References 1

Cisco • added 2014/05/07 3:17 p.m. • 27 views

Cisco Adaptive Security Appliance Information Disclosure Vulnerability

A vulnerability in the authorization code of Cisco ASA Software could allow an authenticated, remote attacker to access information stored on the file system of an affected system. The vulnerability is due to improper implementation of authorization controls when an unprivileged user tries to...

CVSS 6.8 • AI score 6.3 • EPSS 0.01123 • Exploits 0 • References 1

Cisco • added 2014/05/06 7:14 p.m. • 30 views

Cisco Nexus 1000V Access Control List Bypass Vulnerability

A vulnerability in Cisco Nexus 1000V switches could allow an unauthenticated, remote attacker to bypass deny statements in access control lists (ACLs) with certain types of Internet Group Management Protocol version 2 (IGMPv2) or IGMP version 3 (IGMPv3) traffic. IGMP version 1 (IGMPv1) is not affected. T...

CVSS 5 • AI score 6.6 • EPSS 0.01209 • Exploits 0 • References 1

Cisco • added 2014/05/06 6:47 p.m. • 18 views

Cisco Nexus 7000 Denial of Service Vulnerability

A vulnerability in Cisco Nexus 7000 Series Switches could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an error in input validation for the sed command. An attacker could exploit this vulnerability by passing...

CVSS 4.6 • AI score 6 • EPSS 0.00261 • Exploits 0 • References 1

Cisco • added 2014/04/30 4:19 p.m. • 29 views

Cisco TelePresence TC and TE Software u-boot Buffer Overflow Vulnerability

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system. The...

CVSS 6.6 • AI score 7.9 • EPSS 0.00339 • Exploits 0 • References 1

Cisco • added 2014/04/30 4:19 p.m. • 23 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...

CVSS 4.3 • AI score 6.5 • EPSS 0.0057 • Exploits 0 • References 1

Cisco • added 2014/04/30 4:0 p.m. • 774 views

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: Six Session Initiation Protocol (SIP) denial of service vulnerabilities; Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability; Cisco TelePresence TC and TE Software Input Validation Vulnerability...

CVSS 10 • AI score 8.9 • EPSS 0.99999 • Exploits 87 • References 1

Cisco • added 2014/04/30 4:0 p.m. • 82 views

Multiple Vulnerabilities in Cisco TelePresence System MXP Series

Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities; Three H.225 denial of service vulnerabilities. Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected syste...

CVSS 7.8 • AI score 8.2 • EPSS 0.99999 • Exploits 87 • References 1

Cisco • added 2014/04/29 7:56 p.m. • 22 views

Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...

CVSS 4 • AI score 6.7 • EPSS 0.00764 • Exploits 0 • References 1

Cisco • added 2014/04/29 6:38 p.m. • 29 views

Cisco Adaptive Security Appliance DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCP code of Cisco ASA Software could allow an unauthenticated, adjacent attacker to cause the reload of an affected system. The vulnerability is due to insufficient validation of crafted or malformed DHCP version 6 (DHCPv6) packets when DHCPv6 replay feature is enabled. An...

CVSS 6.1 • AI score 6.2 • EPSS 0.00739 • Exploits 0 • References 1

Cisco • added 2014/04/29 6:35 p.m. • 79 views

Cisco Unified Communications Manager Arbitrary File Read Vulnerability

A vulnerability in the command-line interface (CLI) of Cisco Unified Communications Manager (Cisco UCM) could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to incomplete input validation. An attacker could exploit this vulnerability by issuin...

CVSS 4.6 • AI score 2.4 • EPSS 0.00302 • Exploits 0 • References 1

Cisco • added 2014/04/29 6:32 p.m. • 27 views

Cisco Unified Communications Manager CDR Management Vulnerability

A vulnerability in Call Detail Records (CDR) Management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to extraneous information included in the web page. An attacker could exploit thi...

CVSS 4 • AI score 6.1 • EPSS 0.00947 • Exploits 0 • References 1

Cisco • added 2014/04/29 6:29 p.m. • 24 views

Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability

A vulnerability in Cisco IP Manager Assistant (IPMA) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access sensitive information on the affected device. The vulnerability is due to improper validation of user input. An attacker could...

CVSS 5 • AI score 6.2 • EPSS 0.01186 • Exploits 0 • References 1

Cisco • added 2014/04/28 4:44 p.m. • 36 views

Cisco IOS XE Software Malformed L2TP Packet Vulnerability

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) module of Cisco IOS XE on Cisco ASR 1000 Series Routers could allow an authenticated, remote attacker to cause a reload of the processing ESP card. The vulnerability occurs during the processing of a malformed L2TP packet. An attacker could...

CVSS 6.3 • AI score 6.4 • EPSS 0.01319 • Exploits 0 • References 1

Cisco • added 2014/04/23 4:3 p.m. • 31 views

Cisco Adaptive Security Appliance Software SIP Inspection Memory Leak Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) inspection engine code could allow an unauthenticated, remote attacker to cause a slow memory leak, which may cause instability on the affected system. The vulnerability is due to improper handling of SIP packets inspected by the Cisco Adapti...

CVSS 5 • AI score 6.1 • EPSS 0.01753 • Exploits 0 • References 1

Cisco • added 2014/04/18 7:10 p.m. • 18 views

Cisco Network Registrar DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCPv6 server module of Cisco Network Registrar could allow an unauthenticated, remote attacker to cause a reload of the DHCPv6 server on an affected device. The vulnerability is due to the way certain malformed requests are processed. An attacker could exploit this...

CVSS 5 • AI score 6.4 • EPSS 0.01731 • Exploits 0 • References 1

Cisco • added 2014/04/09 4:22 p.m. • 45 views

Cisco Adaptive Security Appliance SSL VPN Authentication Bypass Vulnerability

A vulnerability in the SSL VPN code could allow an unauthenticated, remote attacker to access the SSL VPN portal web page. The vulnerability is due to improper handling of authentication cookies when the Cisco ASA SSL VPN feature is enabled. An attacker could exploit this vulnerability by manuall...

CVSS 5 • AI score 8.4 • EPSS 0.01906 • Exploits 0 • References 1

Cisco • added 2014/04/09 4:0 p.m. • 711 views

Multiple Vulnerabilities in Cisco ASA Software

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA ASDM Privilege Escalation Vulnerability; Cisco ASA SSL VPN Privilege Escalation Vulnerability; Cisco ASA SSL VPN Authentication Bypass Vulnerability; Cisco ASA SIP Denial of Service Vulnerability...

CVSS 8.5 • AI score 8.4 • EPSS 0.99999 • Exploits 87 • References 1

Cisco • added 2014/04/09 3:0 a.m. • 110 views

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...

CVSS 5 • AI score 8 • EPSS 0.99999 • Exploits 87 • References 1

Cisco • added 2014/04/08 5:39 p.m. • 23 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the session termination function of the Cisco ONS 15454 Controller Cards could allow an authenticated, remote attacker to cause the control card to reset. The vulnerability is due to an uninitialized pointer. An attacker could exploit this vulnerability by closing sessions in a...

CVSS 4 • AI score 6.6 • EPSS 0.01381 • Exploits 1 • References 1

Cisco • added 2014/04/08 5:36 p.m. • 28 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the code of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper instructions to reload the controller card. A CAL pipe fails to open when the file descriptors are exhausted...

CVSS 5 • AI score 6.4 • EPSS 0.01795 • Exploits 1 • References 1

Cisco • added 2014/04/08 5:34 p.m. • 32 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the code of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to prevent system access to the flash memory on the control card. The vulnerability is caused when the file descriptors are exhausted during a FIN attack. An attacker could exploit...

CVSS 5 • AI score 6.4 • EPSS 0.01746 • Exploits 1 • References 1

Cisco • added 2014/04/08 2:39 p.m. • 219 views

OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability

A vulnerability in the Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) heartbeat functionality in OpenSSL used in multiple Cisco products could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The...

CVSS 5 • AI score 7.5 • EPSS 0.99999 • Exploits 87 • References 1

Cisco • added 2014/04/07 8:20 p.m. • 40 views

Cisco ONS 15454 Controller Card Denial of Service Vulnerability

A vulnerability in the web interface of Cisco ONS15454 controller cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to incorrect parsing of the HTTP URI. An attacker could exploit this vulnerability by sending specific HTTP requests...

CVSS 5 • AI score 6.3 • EPSS 0.01759 • Exploits 1 • References 1

Cisco • added 2014/04/07 4:2 p.m. • 27 views

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the messaging API of Cisco Unity Connection could allow an authenticated, remote attacker to execute a directory traversal and download arbitrary files that match the allowed MIME types. The vulnerability occurs because there is insufficient input filtering and file types other...

CVSS 4 • AI score 6.8 • EPSS 0.01612 • Exploits 1 • References 1

Total number of security vulnerabilities: 5224