Cisco Security Manager HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header, which will cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input before using i...
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a...
Cisco IOS Software High Priority Queue Denial of Service Vulnerability
A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...
Cisco Prime Security Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several...
Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks (models RSP720-3C-10GE and RSP720-3CXL-10GE) could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue i...
Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected...
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages...
Cisco IOS Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacke...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address these...
Cisco IOS Software Sup2T Denial of Service Vulnerability
A vulnerability in Cisco Catalyst 6500 Supervisor Engine 2T (Sup2T) could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to incorrect processing of multicast traffic by the Sup2T. An attacker could exploit this vulnerability by sending crafted packets to the...
Cisco Hosted Collaboration Solution Denial of Service Vulnerability
A vulnerability in Java code on the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to close TCP ports used by the system. The vulnerability is due to improper packet processing in the Java code. An exploit could allow the attacker to create a denial of...
Cisco AsyncOS Software Code Execution Vulnerability
Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the root user. Cisco has released software updates that address th...
Cisco Hosted Collaboration Solution Memory Leak Vulnerability
A vulnerability in the graphical user interface of the Impact server in the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to cause a memory leak. The vulnerability is due to improper packet processing in the application. An exploit could allow the attacke...
Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a...
Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues
Issues in the cryptographic implementation of Cisco Intelligent Automation for Cloud (Cisco IAC) may allow an unauthenticated, remote attacker to recover cryptographic material used in all Cisco IAC installations. The issues are due to the inclusion of fixed cryptographic material in the product...
Cisco Small Business Router Password Disclosure Vulnerability
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of t...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities: Cisco Wireless LAN Controller Denial of Service Vulnerability; Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability; Cisco Wireless LAN Controller IGMP Version 3...
Cisco IPS MainApp SNMP Denial of Service Vulnerability
A vulnerability in the SNMP code of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive. This creates a denial of service (DoS) condition because the Cisco IPS sensor is not able to execute several critic...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of...
Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability
A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could...
Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability
A vulnerability in the disaster recovery system (DRS) of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An...
Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability
A vulnerability in the CCMConfig page of Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to the presence of sensitive information in the CCMConfig page. An attacker could exploit this...
Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line function for certificate import of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write arbitrary files to the underlying operating system. The vulnerabilit...
Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line interface (CLI) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to inject commands into the underlying operating system. The vulnerability is due to insufficient input...
Cisco Unified Communications Manager OS Administration CSRF Vulnerability
A vulnerability in the OS Administration page of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the OS Administration web interface. The vulnerability is due to insufficient CSRF...
Cisco Prime Infrastructure Command Execution Vulnerability
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command...
Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to change information related to registered devices. The vulnerability is due to insufficient authentication enforcement. An...
Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) command-line function for Certificate Signing Request (CSR) management of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write arbitrary files to the underlying operating...
Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability
A vulnerability in the TFTP request function of the Phone Proxy feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to pass traffic from an untrusted phone through the ASA. The vulnerability is due to a limitation in processing the TFTP request for...
Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability
A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List (CTL) of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...
Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability
A vulnerability in Certificate Trust List (CTL) authentication of Cisco third-generation IP phones could allow an unauthenticated, remote attacker to inject a crafted CTL file to the IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker could exploit this...
Cisco Unified Computing System Central Software Privilege Escalation Vulnerability
A vulnerability in the local-mgmt context in Cisco Unified Computing System Central Software could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the copy command. An attacker could exploit this...
Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability
A vulnerability in the Enterprise License Manager (ELM) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access underlying ELM files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this...
Cisco Unified Communications Manager Java Class File Availability Vulnerability
A vulnerability in the administration interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access Java class files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by...
Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability
A vulnerability in Real Time Monitoring Tool (RTMT) web application of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access several files related to the RTMT application. The vulnerability is due to insufficient authentication enforcement. ...
Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability
A vulnerability in the Certificate Authority Proxy Function (CAPF) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate...
Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability
A vulnerability in the Cisco IP Manager Assistant (IPMA) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is d...
Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could...
Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory i...
Cisco UCS Director Default Credentials Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by...
Multiple Vulnerabilities in Cisco IPS Software
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities: Cisco IPS Analysis Engine Denial of Service Vulnerability; Cisco IPS Control-Plane MainApp Denial of Service Vulnerability; Cisco IPS Jumbo Frame Denial of Service Vulnerability. The Cisco IPS Analysis Engin...
Cisco Unified Communications Manager WAR File Availability Vulnerability
A vulnerability in the availability of Cisco Unified Communications Manager (UCM) web archive (WAR) files could allow an unauthenticated, remote attacker to access the files. The vulnerability is due to missing authentication requirements on locations that store WAR files. An attacker could exploit...
Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability
A vulnerability in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to valida...
Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager (UCM) Unified CallManager Interactive Voice Response (CMIVR) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input...
Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability
A vulnerability in the Cisco Unified Communications Manager (UCM) IP Manager Assistant (IPMA) interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
A vulnerability in the bulk administration interface of Cisco Unified Communications Manager (UCM) could allow an authenticated, remote attacker to read arbitrary files from the underlying file system. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability
A vulnerability in the Cisco IP Manager Assistant (IPMA) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...
Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability
A vulnerability in the log4jinit web application of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to access the log4jinit web application. The vulnerability is due to insufficient authentication checking when accessing the log4jinit web application. An...
Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability
A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to gain elevated privileges. The vulnerability is due to insufficient file permissions. An attacker coul...