Cisco WebEx Sales Center Open Redirect Vulnerability
A vulnerability in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to cause WebEx Sales Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Sales Center. An attacker could exploit this...
Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities
A vulnerability in the web framework of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading a user to...
Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability
A vulnerability in the registration pages of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to obtain the password and access code for a paid training without paying or registering for the training. The vulnerability is due to disclosure of the training session...
Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by convincing a user ...
Cisco WebEx Training Center Open Redirect Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could...
Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability
A vulnerability in the training registration page in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to enumerate email addresses of registered attendees. The vulnerability is due to registration error messages that allow a user to determine that an email address...
Cisco WebEx Training Center Open Redirect Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to cause the Cisco WebEx Training Center to issue a redirect to an arbitrary attacker-supplied URL. The vulnerability is due to an open redirect issue in Cisco WebEx Training Center. An attacker could...
Cisco WebEx Training Center Training Session Number Disclosure Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to view the session number for trainings that require host approval before the host approves the attacker as an attendee. The vulnerability is due to inappropriate disclosure of sensitive information in...
Cisco WebEx Training Center Registration ID Exposure Vulnerability
A vulnerability in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to gather the registration ID of other users. The vulnerability is due to inappropriate disclosure of sensitive information to unauthenticated users. An attacker could exploit this vulnerability by...
Cisco Cloud Portal Unauthenticated File Download Vulnerability
A vulnerability in the web interface of Cisco Cloud Portal could allow an unauthenticated, remote attacker to download certain file types from a vulnerable server. The vulnerability is due to insufficient enforcement of access controls for certain file types. An attacker could exploit this...
Cisco Adaptive Security Appliance Management Connections Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via SSH, Telnet, HTTP, and HTTPS. The vulnerability is due to a memory leak in the connection...
Cisco IOS XE Software TFTP Denial of Service Vulnerability
A vulnerability in the flow manager code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause flow manager to hold UDP sessions in its table. The vulnerability is due to not releasing memory for flows generated by TFTP UDP traffic. An attacker could exploit this...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the TLS/SSLv3 module of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper validation of the TLS/SSLv3 packets. An attacker could exploit this vulnerability by sending a...
Cisco IOS XR Software SNMP Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device. The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the Assurance component of Cisco Prime Collaboration could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface of the affected system. The vulnerability is due to insufficient validation of user...
Cisco Adaptive Security Appliance Malformed DNS Reply Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system. The vulnerability is due to improper handling of DNS error cases when the Cisco ASA Software receives a DNS reply packet under a particular system...
Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...
Cisco IOS XE Software IP Header Sanity Check Denial of Service Vulnerability
A vulnerability in the Cisco Express Forwarding processing module that checks the sanity of IP headers on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. The vulnerability is due to improper...
Cisco IOS Software ICMP Processing Denial of Service Vulnerability
A vulnerability in IPSec tunnel implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to change the tunnel MTU or path MTU and potentially cause IPSec tunnels to drop. The vulnerability is due to incorrect processing of certain ICMP packets. An attacker could exploi...
Cisco Wireless LAN Controller Buffer Overread Vulnerability
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient data packet validation. An attack...
Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
Cisco IOS Software MLDP Denial of Service Vulnerability
A vulnerability in MLDP processing of Cisco IOS Software on Cisco 7600 Series routers could allow an unauthenticated, remote attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to chunk corruption when MLDP and a large...
Cisco IOS XE Software AAA DHCP Denial of Service Vulnerability
A vulnerability in a DHCP function that assigns IP addresses to AAA clients on Cisco IOS XE Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of AAA packets that require IP address assignment from a DHC...
Cisco Server Provisioner Web Interface Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication. The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit...
Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability
A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit th...
Cisco Services Portal File Download Vulnerability
A vulnerability in the "Files Available for Download" window of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to download arbitrary files from the system. The vulnerability is due to a failure to perform sufficient server-side validation of user-supplied...
Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability
A vulnerability in a command-line utility of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write data to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Enterprise License Manager Path Traversal Vulnerability
A vulnerability in the license upload interface of the Cisco Enterprise License Manager (ELM) could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security (DTLS) function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service (DoS) condition...
Cisco Wireless LAN Controller HTTP Request Denial of Service Vulnerability
A vulnerability in the web framework of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation of configuration parameters. An attacker could exploit this vulnerability ...
Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability
A vulnerability in Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971, and Cisco Unified IP Phone 8961 could allow an authenticated, local attacker to fully compromise the affected device. The vulnerability is due to insecure file permissions on memory block devices. An attacker could explo...
Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) packet handling routine of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to stop responding to neighbor solicitation (NS) requests, causing a limited denial of service (DoS) condition. The vulnerability is due to...
Cisco Content Services Gateway Traffic Bypass Vulnerability
A vulnerability in the parse error drop function of the Cisco Content Services Gateway (CSG) could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to invalid processing in the parse error drop function. An attacker could exploit this vulnerability b...
Cisco Adaptive Security Appliance IPv6 NAT Denial of Service Vulnerability
A vulnerability in the function that performs IP version 6 (IPv6) Network Address Translation (NAT) for Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to improper implementation of the logic that performs NAT when t...
Cisco Adaptive Security Appliance Auto-Update Denial of Service Vulnerability
A vulnerability in the auto-update feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause a reload of the ASA. The vulnerability is due to insufficient input validation of auto-update data. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability
A vulnerability in the phone proxy feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to temporarily insert an invalid entry in the phone proxy connection database. The vulnerability is due to the acceptance of an untrusted certificate. An attacke...
Cisco IOS XR Software OSPFv3 Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a crash of the OSPFv3 process on an affected device. The vulnerability is due to improper parsing of malformed type 1 link-state...
Cisco MDS 9000 NX-OS Software Denial of Service Vulnerability
A vulnerability in the supervisor of the Cisco MDS Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of Virtual Router Redundancy Protocol (VRRP) frames. An attacker could exploit this vulnerability by...
Cisco WAAS Mobile Remote Code Execution Vulnerability
Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server. Cisco has released software...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected...
Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability
A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank...
Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability
A vulnerability in the ITM web server interface of the Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to cause a denial of service on the targeted device. The vulnerability is due to the ITM port being unable to deal with a TCP flood. An...
Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability
A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...
Cisco ASA CX Safe Search Policy Bypass Vulnerability
A vulnerability in the Safe Search enforcement component of Cisco ASA CX Context-Aware Security could allow an unauthenticated, remote attacker to bypass security policy enforced by the affected component. The vulnerability is due to improper implementation of the logic that should perform the...
Cisco AnyConnect Secure Mobility Client VPNAPI COM Buffer Overflow Vulnerability
A vulnerability in the Active Template Library (ATL) framework used by a component of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to execute arbitrary commands with the privilege of the user executing the web browser. The vulnerability is due to...
Cisco IOS Software Internet Key Exchange Version 2 Anti-replay Protection Disabled Vulnerability
A vulnerability in the implementation of the Cisco IOS Software Internet Key Exchange version 2 (IKEv2) protocol may cause the anti-replay capabilities of IPsec to be disabled. This issue occurs only when using the Advanced Encryption Standard Galois/Counter Mode (AES-GCM) or the AES Galois Message...
Cisco Adaptive Security Appliance Software Clientless SSL VPN Rewriter Denial of Service Vulnerability
A vulnerability in the clientless SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to a stack overflow while browsing internal resources via the clientless SSL VPN portal...
Cisco Unified Communications Manager Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper parsing of a SIP message. An attacker could exploit this vulnerability by sending a specific SIP...
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities: Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability; Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability; Cisco IOS XE Software...
Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability
A vulnerability in Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to exhaust guest user account resources. The vulnerability is due to a guest account creation page that allows unlimited guest accounts to be created upon refreshing the page. An attacker could...