Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP control interface for NAC Web Agent of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow authenticated, remote attackers to join meetings they have not been authorized to attend or to end meetings for which they are not the host. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability
A vulnerability in certain report output pages of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the report pages of Cisco ISE. The vulnerability is due to insufficient input validation. An attacker could...
Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web user interface of the Cisco Video Surveillance 5000 Series HD IP Dome Cameras could allow an unauthenticated, remote attacker to execute a cross-site scripting XSS attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacke...
Cisco Secure ACS Portal Session Management Vulnerability
A vulnerability in the portal interface of Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to access the portal with the access capabilities of another user. The vulnerability is due to insufficient session management in the portal. An attacker could exploit...
Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls Vulnerability
A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager VSOM could allow an unauthenticated, remote attacker to access the MySQL database. The vulnerability is due to insufficient authentication controls. An attacker could exploit thi...
Cisco NX-OS Software Label Distribution Protocol Message Vulnerability
A vulnerability in the Label Distribution Protocol LDP message processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to stop accepting valid LDP sessions during a 60-second period. The vulnerability is due to how certain malformed LDP Hello...
Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability
A vulnerability in the Cisco TelePresence Video Communication Server VCS Expressway could allow an unauthenticated, remote attacker to execute a man-in-the-middle MITM attack between one or more affected devices. The vulnerability occurs because the same default SSL certificate is used across all...
Cisco NX-OS Software TACACS+ Command Authorization Vulnerability
A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker...
Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability
A vulnerability in the Wireless Session Protocol WSP function of Cisco ASR 5000 Series Gateway GPRS Support Node GGSN could allow an unauthenticated, remote attacker to browse free of charge instead of being redirected to a Top-Up portal. The vulnerability is due to incorrect processing of certai...
Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability
A vulnerability in the Search and Play interface of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the portal on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco MediaSense Open Redirection Vulnerability
A vulnerability in a specific URL parameter of Cisco MediaSense could allow an unauthenticated, remote attacker to perform site redirection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including a desired remote site URL in the affect...
Cisco MediaSense Search and Play Authorization Vulnerability
A vulnerability in the Search and Play interface of Cisco MediaSense could allow an authenticated, remote attacker to access recordings in the Search and Play interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the...
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon SSCD code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this...
Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
Cisco TelePresence Video Communication Server VCS contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause active calls to be dropped and prevent users from making new calls until the affected system is...
Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel D-channel, causing all calls to be terminated and preventing users from making new calls. Cisco has released software updates that address this...
Cisco Secure ACS Portal Cross-Site Scripting Vulnerability
A vulnerability in the portal of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the portal on the affected system. The vulnerability is due to insufficient input validation of a parameter. A...
Cisco WebEx Meetings Server Enterprise License Manager Administrative Password Disclosure Vulnerability
A vulnerability in the Cisco WebEx Meetings Server Enterprise License Manager web portal could allow an authenticated, remote attacker to view the administrative password for Cisco WebEx Meetings Server in clear text. The vulnerability is due to the inclusion of the Cisco WebEx Meetings Server...
Cisco Secure ACS RMI Arbitrary File Read Vulnerability
A vulnerability in the Remote Method Invocation RMI interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...
Cisco Jabber for Windows Remote Code Execution Vulnerability
A vulnerability in the Send Screen Capture function of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to install arbitrary files on a targeted system. The vulnerability is due to insufficient validation of data in the packets sent via the send screen capture functionalit...
Cisco ISE Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Identity Services Engine ISE could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System ACS is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the...
Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability
A vulnerability in the Internet Message Access Protocol IMAP function of Cisco Unity Connection could allow an authenticated, remote attacker to cause 100 percent CPU utilization on the Cisco Unity Connection server, which may cause a denial of service DoS condition. The vulnerability is due to t...
Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability
A vulnerability in Session Initiation Protocol SIP header processing of Cisco fourth-generation IP phones could allow an unauthenticated, remote attacker to cause the IP phone to unregister. The vulnerability is due to improper SIP header processing. An attacker could exploit this vulnerability b...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a...
Undocumented Test Interface in Cisco Small Business Devices
A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Note: Additional research...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An attacke...
Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability
A vulnerability in RADIUS message processing of Cisco Context Directory Agent CDA could allow an unauthenticated, remote attacker to affect the contents of the CDA cache. The vulnerability is due to insufficient validation of RADIUS accounting messages. An attacker could exploit this vulnerabilit...
Network Time Foundation ntpd Service Network Traffic Amplification Issue
A vulnerability in the Network Time Protocol NTP package of several Cisco products could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to processing MODEPRIVATE Mode 7 NTP control messages, which have a large...
Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability
A vulnerability in the Mappings page of Cisco Context Directory Agent CDA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...
Cisco Context Directory Agent Privilege Escalation Vulnerability
A vulnerability in the administrative interface of Cisco Context Directory Agent CDA could allow an authenticated, remote attacker to perform administrative actions. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by accessing an...
Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability
A vulnerability in the NetBIOS logout probe feature of the Identity Firewall IDFW feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to impact the authorization status of users authorized via this feature. The vulnerability is due to insufficient...
Cisco Context Directory Agent Hidden Input Vulnerability
A vulnerability in certain input fields of Cisco Context Directory Agent CDA could allow an authenticated, remote attacker to hide values that are entered in the affected input fields. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance RADIUS Change of Authorization Message Replay Vulnerability
A vulnerability in RADIUS Change of Authorization CoA messages of the Identity Firewall IDFW feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to modify the contents of the IDFW user cache. The vulnerability is due to insufficient validation of...
Cisco Unified Communications Manager Role Bypass Vulnerability
A vulnerability in the administration portal of Cisco Unified Communications Manager Unified CM could allow an authenticated, remote attacker to bypass role restrictions. The vulnerability is due to insufficient role restriction processing. An attacker could exploit this vulnerability by revisiti...
Cisco NX-OS Software Crafted Border Gateway Protocol Update Message Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP functionality of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause all BGP sessions on the device to reset. The vulnerability is due to the improper processing of specifically crafted BGP update messages. An attacker...
Cisco Unified Presence Server SQL Injection Vulnerability
A vulnerability in the web interface of Cisco Unified Presence Server could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied...
Cisco IOS XE Software Telnet Authentication Bypass Vulnerability
A vulnerability in the vty authentication of Cisco IOS XE Software 03.02.xxSE and 03.03.xxSE only could allow an unauthenticated, remote attacker to access an affected device without authentication and perform actions on the device with the privileges configured for the vty line interface. The...
Cisco IOS XE Crafted MPLS IP Fragmentation Denial of Service Vulnerability
A vulnerability in the Multiprotocol Label Switching MPLS IP fragmentation function of Cisco IOS XE could allow an unauthenticated, remote attacker to cause the Cisco Packet Processor to crash. The vulnerability is due to input validation processing of the crafted MPLS IP packets. An attacker cou...
Cisco NX-OS Arbitrary File Access Vulnerability
A vulnerability in the Command Line Interface CLI of the Cisco NX-OS Software could allow an authenticated, local attacker to access arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the tar...
Cisco NX-OS Directory Traversal Vulnerability
A vulnerability in the Command Line Interface CLI of the Cisco NX-OS Software could allow an authenticated, local attacker to delete arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the filesys...
Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the disaster recovery system DRS of Cisco Unified Communications Manager UCM could allow an authenticated, remote attacker to acquire sensitive information about DRS-related devices. The vulnerability is due to extraneous information included in the web page. An attacker could...
Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability
An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller TNC could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...
Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability
A vulnerability in the Collaboration Partner Access Console CPAC of Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerability
A vulnerability in how mobile browsers redirect to the mobile version of Cisco WebEx Meeting Center sites could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability
A vulnerability in the training center registration page of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco WebEx Sales Center Mobile Browser Open Redirect Vulnerability
A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to redirect mobile browsers to an attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...
Cisco WebEx Business Suite Site Access Control Bypass Vulnerability
A vulnerability in the site access control implementation of Cisco WebEx Business Suite could allow an authenticated, remote attacker to inject content from the attacker-controlled WebEx site into another WebEx site. The vulnerability is due to insufficient validation of user-supplied input. An...
Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability
A vulnerability in the training center registration page of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to attend the audio conference for a training session without having to confirm the email address. The vulnerability is due to the disclosure of the training...
Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...