5224 matches found

Cisco
added 2013/11/04 6:25 p.m., 38 views

Cisco AnyConnect Secure Mobility Client VPNAPI COM Buffer Overflow Vulnerability

A vulnerability in the Active Template Library (ATL) framework used by a component of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to execute arbitrary commands with the privilege of the user executing the web browser. The vulnerability is due to...

CVSS 6.8, AI score 1.4, EPSS 0.02031
Exploits 0, References 1

Cisco
added 2013/10/30 7:26 p.m., 31 views

Cisco IOS Software Internet Key Exchange Version 2 Anti-replay Protection Disabled Vulnerability

A vulnerability in the implementation of the Cisco IOS Software Internet Key Exchange version 2 (IKEv2) protocol may cause the anti-replay capabilities of IPsec to be disabled. This issue occurs only when using the Advanced Encryption Standard Galois/Counter Mode (AES-GCM) or the AES Galois Message...

CVSS 5, AI score 1.8, EPSS 0.01134
Exploits 0, References 1

Cisco
added 2013/10/30 4:55 p.m., 25 views

Cisco Adaptive Security Appliance Software Clientless SSL VPN Rewriter Denial of Service Vulnerability

A vulnerability in the clientless SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to a stack overflow while browsing internal resources via the clientless SSL VPN portal...

CVSS 6.8, AI score 2.9, EPSS 0.00972
Exploits 0, References 1

Cisco
added 2013/10/30 4:43 p.m., 24 views

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper parsing of a SIP message. An attacker could exploit this vulnerability by sending a specific SIP...

CVSS 4.3, AI score 1.4, EPSS 0.01084
Exploits 0, References 1

Cisco
added 2013/10/30 4:0 p.m., 32 views

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers

Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities: Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability; Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability; Cisco IOS XE Software...

CVSS 7.8, AI score 6.8
Exploits 0, References 1

Cisco
added 2013/10/25 3:0 p.m., 31 views

Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability

A vulnerability in Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to exhaust guest user account resources. The vulnerability is due to a guest account creation page that allows unlimited guest accounts to be created upon refreshing the page. An attacker could...

CVSS 5, AI score 2, EPSS 0.01232
Exploits 0, References 1

Cisco
added 2013/10/25 2:16 p.m., 69 views

Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability

A vulnerability in the Service Module for Cisco Catalyst 3750-X Series Switches could allow an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module. The vulnerability is due to default credentials on the Cisco Service Module. An attacker could exploi...

CVSS 6.8, AI score 2.4, EPSS 0.00349
Exploits 0, References 1

Cisco
added 2013/10/23 4:37 p.m., 27 views

Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability

A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination o...

CVSS 5, AI score 0.4, EPSS 0.01328
Exploits 0, References 1

Cisco
added 2013/10/23 4:35 p.m., 32 views

Cisco ISE Support Information Download Authentication Bypass Vulnerability

A vulnerability in the implementation of the authentication code that is used to validate requests to download a product support bundle could allow an unauthenticated, remote attacker to download a full product support bundle. The vulnerability is due to an error in the logic that is used to...

CVSS 5, AI score 2.8, EPSS 0.01342
Exploits 0, References 1

Cisco
added 2013/10/23 4:31 p.m., 25 views

Cisco Secure Access Control System Distributed Deployment Denial of Service Vulnerability

A vulnerability in the firewall modules of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to cause certain internal processes to crash. The vulnerability is due to improper implementation of the firewall rule to limit incoming packets. An attacker could...

CVSS 5, AI score 2.9, EPSS 0.01497
Exploits 0, References 1

Cisco
added 2013/10/23 4:0 p.m., 23 views

Cisco IOS XR Software Route Processor Denial of Service Vulnerability

Cisco IOS XR Software Releases 3.3.0 to 4.2.0 contain a vulnerability when handling fragmented packets that could result in a denial of service (DoS) condition of the Cisco CRS Route Processor cards listed in the "Affected Products" section of this advisory. The vulnerability is due to improper...

CVSS 7.1, AI score 6.3, EPSS 0.01661
Exploits 0, References 1

Cisco
added 2013/10/23 4:0 p.m., 53 views

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests...

CVSS 9, AI score 9.1, EPSS 0.99998
Exploits 18, References 1

Cisco
added 2013/10/23 4:0 p.m., 35 views

Multiple Vulnerabilities in Cisco Identity Services Engine

Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability; Cisco ISE Support Information Download Authentication Bypass Vulnerability. These vulnerabilities are independent of each other; a release that is affected b...

CVSS 9, AI score 7.2, EPSS 0.02291
Exploits 0, References 1

Cisco
added 2013/10/22 3:18 p.m., 35 views

Cisco ASA VPN Denial of Service Vulnerability

A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to parallel processing of a large number of Interne...

CVSS 5.4, AI score 2.7, EPSS 0.01656
Exploits 0, References 1

Cisco
added 2013/10/21 5:57 p.m., 33 views

Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect KVM module of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to the virtual KVM sending video data unencrypted. An attacker could exploit this vulnerability b...

CVSS 4.3, AI score 2.7, EPSS 0.00848
Exploits 0, References 1

Cisco
added 2013/10/21 4:24 p.m., 27 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...

CVSS 4.6, AI score 1.8, EPSS 0.00262
Exploits 0, References 1

Cisco
added 2013/10/18 2:47 p.m., 27 views

Cisco Unified Computing System Fabric Interconnect Man-In-The-Middle Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to execute a man-in-the-middle attack. The vulnerability is due to improper verification of the server SSL certificate. An attacker could exploit this vulnerability by...

CVSS 4.3, AI score 2.5, EPSS 0.00527
Exploits 0, References 1

Cisco
added 2013/10/18 2:41 p.m., 25 views

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture KVM media connection credentials. The vulnerability is due to improperly securing the KVM media traffic between the server and the client. An attacker could...

CVSS 4.3, AI score 2.1, EPSS 0.01119
Exploits 0, References 1

Cisco
added 2013/10/18 2:39 p.m., 34 views

Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability

A vulnerability in the Fabric Interconnect of Cisco Unified Computing System could allow an unauthenticated, remote attacker to capture or modify KVM virtual media traffic. The vulnerability is due to improperly securing the KVM virtual media traffic between the server and the client. An attacker...

CVSS 4.3, AI score 3.2, EPSS 0.00848
Exploits 0, References 1

Cisco
added 2013/10/18 2:38 p.m., 35 views

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service (VMWS), could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...

CVSS 4, AI score 2.5, EPSS 0.01466
Exploits 0, References 1

Cisco
added 2013/10/17 3:30 p.m., 27 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

CVSS 4.6, AI score 2.2, EPSS 0.00302
Exploits 0, References 1

Cisco
added 2013/10/17 3:25 p.m., 27 views

Cisco Unified Computing System Baseboard Management Controller Command Injection Vulnerability

A vulnerability in the Baseboard Management Controller (BMC) of the Cisco Unified Computing System could allow an authenticated, local attacker to inject arbitrary commands on the underlying operating system with elevated privileges. The vulnerability is due to improper filtering of user-supplied...

CVSS 6.8, AI score 2.7, EPSS 0.00328
Exploits 0, References 1

Cisco
added 2013/10/16 8:19 p.m., 26 views

Cisco Identity Services Engine Untrusted File Upload Vulnerability

A vulnerability in the file upload dialog of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload potentially malicious files. The vulnerability is due to insufficient filtering and validation of uploaded files. An attacker could exploit this vulnerability by...

CVSS 4, AI score 2.8, EPSS 0.00956
Exploits 0, References 1

Cisco
added 2013/10/16 8:16 p.m., 23 views

Cisco Identity Services Engine Sponsor Portal File Access Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access files uploaded to the Sponsor Portal. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the URL...

CVSS 5, AI score 2.3, EPSS 0.01186
Exploits 0, References 1

Cisco
added 2013/10/16 6:21 p.m., 23 views

Cisco Identity Services Engine File Space Denial of Service Vulnerability

A vulnerability in the file upload management of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload multiple files to a specific location of the filesystem and exhaust disk space. The vulnerability is due to insufficient management of filesystem free space...

CVSS 6.8, AI score 2.9, EPSS 0.01061
Exploits 0, References 1

Cisco
added 2013/10/16 4:20 p.m., 28 views

Cisco Identity Services Engine Upload Filename Validation Vulnerability

A vulnerability in the file upload filename parsing routine of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload a file with a malicious filename. The vulnerability is due to insufficient validation of uploaded filenames. An attacker could exploit this...

CVSS 4, AI score 1.8, EPSS 0.00767
Exploits 0, References 1

Cisco
added 2013/10/15 7:52 p.m., 31 views

Cisco WebEx Meetings Server Deployment Passphrase Bypass Vulnerability

A vulnerability in the deployment module of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to bypass the passphrase check during the deployment of a virtual machine. The vulnerability is due to a flaw in the validation of the passphrase. An attacker could exploit this...

CVSS 4.3, AI score 1.1, EPSS 0.01173
Exploits 0, References 1

Cisco
added 2013/10/15 7:43 p.m., 20 views

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

CVSS 6.4, AI score 2.9, EPSS 0.01154
Exploits 0, References 1

Cisco
added 2013/10/14 8:48 p.m., 28 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

CVSS 4.6, AI score 3.2, EPSS 0.0028
Exploits 0, References 1

Cisco
added 2013/10/14 8:10 p.m., 26 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect (FI) of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

CVSS 4.6, AI score 2.1, EPSS 0.00309
Exploits 0, References 1

Cisco
added 2013/10/14 2:58 p.m., 28 views

Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...

CVSS 6.8, AI score 3.4, EPSS 0.004
Exploits 0, References 1

Cisco
added 2013/10/14 2:39 p.m., 26 views

Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

CVSS 6.8, AI score 2.8, EPSS 0.00351
Exploits 0, References 1

Cisco
added 2013/10/11 3:9 p.m., 24 views

Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability

A vulnerability in the image upgrade facility of Cisco Unified IP Phones 9900 Series could allow an authenticated, local attacker to execute commands within the context of the underlying operating system. The vulnerability is due to insufficient sanitization of input during the image upgrade...

CVSS 6, AI score 1.2, EPSS 0.00274
Exploits 0, References 1

Cisco
added 2013/10/11 3:4 p.m., 22 views

Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability

A vulnerability in the web application interface of Cisco 9900 series IP phones could allow an unauthenticated, remote attacker to cause the webapp interface to become unavailable. The vulnerability is due to insufficient input validation of certain fields. An attacker could exploit this...

CVSS 5, AI score 2.6, EPSS 0.02111
Exploits 0, References 1

Cisco
added 2013/10/11 2:36 p.m., 22 views

Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability

A vulnerability in the administrative web interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input passed to a...

CVSS 4, AI score 3.6, EPSS 0.23309
Exploits 5, References 1

Cisco
added 2013/10/10 6:6 p.m., 34 views

Cisco IOS Software OSPF Opaque LSA Denial of Service Vulnerability

A vulnerability in the OSPF implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of certain options in OSPF link-state advertisement (LSA) type 11...

CVSS 5.7, AI score 2.2, EPSS 0.00778
Exploits 0, References 1

Cisco
added 2013/10/10 5:45 p.m., 34 views

Cisco Prime Central for HCS Portal Credentials Access Vulnerability

A vulnerability in Cisco Prime Central for HCS portal could allow an authenticated, local attacker to retrieve the credentials for accounts. The vulnerability is due to plaintext logging of credentials to temporary files with inadequate permissions. An attacker could exploit this vulnerability by...

CVSS 4.3, AI score 2.3, EPSS 0.00281
Exploits 0, References 1

Cisco
added 2013/10/10 5:32 p.m., 22 views

Cisco Unified IP Phone 8900/9900 Series Crafted SDP Packet Vulnerability

A vulnerability in the SDP negotiation logic of the Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971 and the Cisco Unified IP Phone 8961 could allow an unauthenticated, remote attacker to cause the phone to reboot. The vulnerability is due to improper processing of crafted SDP...

CVSS 5.4, AI score 6.7, EPSS 0.01816
Exploits 0, References 1

Cisco
added 2013/10/09 6:42 p.m., 24 views

Cisco IOS Software DHCP Server remember Functionality Vulnerability

An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...

CVSS 5.7, AI score 2.2, EPSS 0.00512
Exploits 0, References 1

Cisco
added 2013/10/09 6:36 p.m., 30 views

Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability

A vulnerability in the troubleshooting page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of...

CVSS 4.3, AI score 1.9, EPSS 0.01488
Exploits 0, References 1

Cisco
added 2013/10/09 4:19 p.m., 19 views

Cisco Adaptive Security Appliance Software Remote Access VPN Authentication Bypass Vulnerability

A vulnerability in the authentication code of the remote access VPN feature of Cisco ASA Software could allow an unauthenticated, remote attacker to bypass the remote VPN authentication, which could allow remote access to the inside network. The vulnerability is due to improper parsing of the LDA...

CVSS 5, AI score 4.9, EPSS 0.01165
Exploits 0, References 1

Cisco
added 2013/10/09 4:14 p.m., 24 views

Cisco Firewall Services Module Command Authorization Vulnerability

A vulnerability in the authorization code of the Cisco Firewall Services Module (FWSM) could allow an authenticated but unprivileged, local attacker to delete, modify, or view the configuration of any other context of the affected system. The vulnerability is due to insufficient authorization...

CVSS 6.8, AI score 3.5, EPSS 0.00283
Exploits 0, References 1

Cisco
added 2013/10/09 4:4 p.m., 29 views

Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability

A vulnerability in the fabric interconnect (FI) web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...

CVSS 4.3, AI score 3.4, EPSS 0.00817
Exploits 0, References 1

Cisco
added 2013/10/09 4:0 p.m., 40 views

Multiple Vulnerabilities in Cisco Firewall Services Module Software

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: Cisco FWSM Command Authorization Vulnerability; SQLNet Inspection Engine Denial of Service Vulnerability. These vulnerabilities are...

CVSS 7.1, AI score 6.5
Exploits 0, References 1

Cisco
added 2013/10/09 4:0 p.m., 34 views

Multiple Vulnerabilities in Cisco ASA Software

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability; SQLNet Inspection Engine Denial of Service Vulnerability; Digital Certificate Authentication Bypass Vulnerability; Remote Access VPN...

CVSS 10, AI score 6.9
Exploits 0, References 1

Cisco
added 2013/10/09 3:43 p.m., 25 views

Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3, AI score 0.5, EPSS 0.01216
Exploits 0, References 1

Cisco
added 2013/10/09 3:12 p.m., 28 views

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the input parsing of Cisco NX-OS Software could allow an unauthenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerabili...

CVSS 6.8, AI score 3.7, EPSS 0.0032
Exploits 0, References 1

Cisco
added 2013/10/09 2:11 p.m., 28 views

Cisco Identity Services Engine Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input used i...

CVSS 6, AI score 2.4, EPSS 0.01317
Exploits 0, References 1

Cisco
added 2013/10/09 1:51 p.m., 39 views

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in input parsing in Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to improper filtering of parameters passed to the Stream Editor (sed) filter. An attacker could exploit this...

CVSS 6.8, AI score 2.3, EPSS 0.00321
Exploits 0, References 1

Cisco
added 2013/10/08 5:57 p.m., 31 views

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the Stream Editor (sed) command-line filter in Cisco NX-OS Software could allow an authenticated, local attacker to read and write arbitrary files. The vulnerability is due to an input validation issue. An attacker could exploit this vulnerability by using the sed r and sed w...

CVSS 6.2, AI score 2.6, EPSS 0.003
Exploits 0, References 1

Total number of security vulnerabilities: 5224