5218 matches found

Cisco
added 2013/10/03 12:40 p.m. | 23 views

Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability

A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...

6.8 CVSS | 3 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/02 9:48 p.m. | 26 views

Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability

A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

6.8 CVSS | 3.1 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/02 9:45 p.m. | 24 views

Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability

A vulnerability in the run-script command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...

6.8 CVSS | 3 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/02 7:39 p.m. | 25 views

Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability

A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...

6.8 CVSS | 3 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/02 4:0 p.m. | 31 views

Cisco IOS XR Software Memory Exhaustion Vulnerability

Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service DoS condition. Cisco has released software...

7.8 CVSS | 6.3 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/01 7:57 p.m. | 27 views

Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability

A vulnerability in an administration page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a...

4.3 CVSS | 2.1 AI score | 0.00516 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/01 7:10 p.m. | 23 views

Cisco Unified Computing System Fabric Interconnect Directory Traversal Vulnerability

A vulnerability in the image download process of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to overwrite arbitrary files on the filesystem. The vulnerability occurs because the storage location is defined in the image header. An attacker...

6.6 CVSS | 1.7 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/01 5:9 p.m. | 25 views

Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability

A vulnerability in the Baseboard Management Controller BMC local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...

6.2 CVSS | 1.9 AI score | 0.0006 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/01 5:3 p.m. | 32 views

Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability

A vulnerability in the local file editor of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to access arbitrary files on the userland filesystem with root privileges. The vulnerability is due to improper input filtering. An attacker could explo...

5.5 CVSS | 2.8 AI score | 0.0006 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/10/01 3:34 p.m. | 20 views

Cisco Unified Communications Domain Manager Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied inp...

5.5 CVSS | 2.3 AI score | 0.00359 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/30 8:41 p.m. | 22 views

Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability

A vulnerability in the Media Snapshot code of Cisco TelePresence Multipoint Switch CTMS could allow an authenticated, remote attacker to cause the reload of the affected system, creating a denial of service DoS condition. The vulnerability is due to a failure in handling requests for Media Snapsh...

6.3 CVSS | 2 AI score | 0.00479 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/30 8:3 p.m. | 22 views

Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability

A vulnerability in the administrative web interface of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to view camera video feeds. The vulnerability is due to incomplete enforcement of authentication requirements. An attacker could exploit this...

5 CVSS | 6.8 AI score | 0.00215 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/28 5:11 a.m. | 28 views

Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability

A vulnerability in the Mobile Device Management MDM portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient inpu...

4.3 CVSS | 2 AI score | 0.00561 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/27 2:24 a.m. | 25 views

Cisco Unified Computing System Fabric System Manager Man-in-the-Middle Vulnerability

A vulnerability in the management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper identity validation of vCenter management consoles. An attacker could exploit this...

4.3 CVSS | 2.5 AI score | 0.00255 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/27 2:14 a.m. | 26 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the public XML API service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to improper input validation in the XML API service. An attacker could exploit...

5 CVSS | 2.2 AI score | 0.00474 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/27 2:7 a.m. | 26 views

Cisco Unified Computing System Fabric Interconnect Remote Access Vulnerability

A vulnerability in the high availability service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to gain access to sensitive information and prevent the cluster service from syncing with its peers. The vulnerability is due to improper binding ...

5.8 CVSS | 2 AI score | 0.0043 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/27 2:4 a.m. | 26 views

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

4.8 CVSS | 1.6 AI score | 0.00337 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/26 8:28 p.m. | 26 views

Cisco Unified Computing System Arbitrary Command Execution Vulnerability

A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...

6.5 CVSS | 2.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/26 4:3 p.m. | 33 views

Cisco IOS XR Software CGSE and ISM Vulnerability

A vulnerability in Point-to-Point Tunneling Protocol-Application Level Gateway PPTP-ALG of the Cisco CRS Carrier Grade Services Engine CGSE and Cisco ASR 9000 Series Integrated Service Module ISM could allow an unauthenticated, remote attacker to cause the service interface module to reset. The...

5 CVSS | 2.6 AI score | 0.01289 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 28 views

Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the Internet Key Exchange IKE protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the...

7.8 CVSS | 6.6 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 30 views

Cisco IOS Software Network Address Translation Vulnerabilities

The Cisco IOS Software implementation of the network address translation NAT feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Cisco has released software updates that address these...

7.8 CVSS | 6.7 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 26 views

Cisco IOS Software Queue Wedge Denial of Service Vulnerability

A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service DoS scenario...

7.8 CVSS | 6.9 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 40 views

Cisco IOS Software DHCP Denial of Service Vulnerability

A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability ...

7.8 CVSS | 6.8 AI score | 0.00316 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 32 views

Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the virtual fragmentation reassembly VFR feature for IP version 6 IPv6 in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service DoS condition. The vulnerability is...

7.8 CVSS | 6.7 AI score | 0.0033 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 30 views

Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the Network Time Protocol NTP feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to the improper handling of multicas...

7.1 CVSS | 6.9 AI score | 0.00399 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 24 views

Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability

A vulnerability in the Resource Reservation Protocol RSVP feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device. The vulnerability is due to improper parsing of UDP RSVP packets. An attack...

7.8 CVSS | 6.9 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/25 4:0 p.m. | 23 views

Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability

A vulnerability in the Zone-Based Firewall ZBFW component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IO...

7.8 CVSS | 6.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 8:20 p.m. | 23 views

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...

5.1 CVSS | 3 AI score | 0.00514 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 7:45 p.m. | 25 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in Smart Call Home functionality in the fabric interconnect FI of Cisco Unified Computing System could allow an unauthenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to a buffer overflow in the Smart Call Home function. An attacker...

5.4 CVSS | 1.8 AI score | 0.00843 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 7:40 p.m. | 24 views

Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability

A vulnerability in the Baseboard Management Controller BMC of Cisco Unified Computing System could allow an authenticated, remote attacker to access services with elevated privileges. The vulnerability is due to improper filtering of SSH escape sequences. An attacker could exploit this...

6.3 CVSS | 3.8 AI score | 0.0092 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 7:32 p.m. | 25 views

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the initial configuration...

5.1 CVSS | 3 AI score | 0.00637 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 7:16 p.m. | 29 views

Cisco Unified Computing System Baseboard Management Controller Arbitrary Command Execution Vulnerability

A vulnerability in the fabric interconnect FI of Cisco Unified Computing System could allow an authenticated, local attacker to execute arbitrary commands on the Baseboard Management Controller BMC with elevated privileges. The vulnerability is due to improper input validation in the MCTOOLS...

6.6 CVSS | 3.2 AI score | 0.00127 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/24 7:10 p.m. | 29 views

Cisco Unified Computing System Blade Management Controller Information Disclosure Vulnerability

A vulnerability in the Intelligent Platform Management Interface IPMI of the Cisco Unified Computing System Blade Management Controller could allow an unauthenticated, remote attacker to discover valid usernames. The vulnerability is due to a requirement defined in the IPMI specification. An...

5 CVSS | 1.9 AI score | 0.00363 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/23 5:38 p.m. | 28 views

Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability

A vulnerability in the web interface of Cisco MediaSense could allow an unauthenticated, remote attacker to collect sensitive information. The vulnerability is due to sensitive information being transmitted via an insecure channel. An attacker could exploit this vulnerability by capturing the...

5 CVSS | 2.2 AI score | 0.00282 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/20 7:31 p.m. | 26 views

Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities

A vulnerability in the oraadmin service page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An...

4.3 CVSS | 2 AI score | 0.00296 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/20 7:27 p.m. | 28 views

Cisco MediaSense oraservice Cross-Site Scripting Vulnerability

A vulnerability in the oraservice page of Cisco MediaSense could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An attacker...

4.3 CVSS | 2.2 AI score | 0.00296 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/19 7:49 p.m. | 20 views

Cisco IPS Authentication Manager Denial of Service Vulnerability

A vulnerability in the web framework of Cisco IPS Software could allow an unauthenticated, remote attacker to cause MainApp to hang intermittently due to the authentication manager process creating a denial of service DoS condition. The vulnerability is due to improper handling of user tokens. An...

4.3 CVSS | 1.3 AI score | 0.01185 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/19 5:11 p.m. | 37 views

Cisco Unified Computing System Fabric Interconnect String Overflow Vulnerability

A vulnerability in the administrative web interface of the Cisco Unified Computing System could allow an authenticated, remote attacker to create a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...

4 CVSS | 2.1 AI score | 0.00685 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/19 5:8 p.m. | 23 views

Cisco Unified Computing System Cisco Management Controller Command Injection Vulnerability

A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to improper parameter input validation. An attacker could...

6.8 CVSS | 3.2 AI score | 0.00127 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 8:21 p.m. | 18 views

Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability

A vulnerability in the Cisco Management Controller of the Cisco Unified Computing System could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper parameter input validation. An attacker could exploit this vulnerability by...

4.6 CVSS | 2.4 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 4:20 p.m. | 26 views

Cisco Unified Computing System Software KVM Encryption Vulnerability

A vulnerability in Cisco Unified Computing System software KVM could allow an unauthenticated, remote attacker to intercept a KVM connection to spoof a host or decrypt keyboard and mouse events on an encrypted channel. The vulnerability is due to a hard coded SSL certificate. An attacker could...

4.3 CVSS | 1.6 AI score | 0.00181 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 4:16 p.m. | 30 views

Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability

A vulnerability in Cisco Unified Computing System software KVM client could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper certificate validation by the KVM client. An attacker could exploit this vulnerability by intercepting ...

4.3 CVSS | 1.8 AI score | 0.00176 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 4:0 p.m. | 27 views

Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability

A vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution HCS Assurance could allow an unauthenticated, remote attacker to access sensitive information on the system. The vulnerability is due to improper user authentication and inadequate session management. An...

7.8 CVSS | 6.5 AI score | 0.00272 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 4:0 p.m. | 30 views

Multiple Vulnerabilities in Cisco Prime Data Center Network Manager

Cisco Prime Data Center Network Manager DCNM contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited...

10 CVSS | 9.8 AI score | 0.88677 EPSS
Exploits: 6 | References: 1

Cisco
added 2013/09/18 2:0 p.m. | 29 views

Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability

A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...

4.3 CVSS | 1.6 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/18 1:58 p.m. | 22 views

Cisco Unified Computing System Smart Call Home Input Validation Vulnerability

A vulnerability in Cisco Unified Computing System UCS Manager could allow an authenticated, local attacker to trigger a denial of service DoS condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...

4.6 CVSS | 1.9 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/17 6:41 p.m. | 44 views

Cisco NX-OS Software BGP Regex Vulnerability

A vulnerability in the Border Gateway Protocol BGP code of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to an issue with the regex engine used when processing complex regular expressions. An attacker could...

5.4 CVSS | 6.6 AI score | 0.0071 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/13 8:6 p.m. | 33 views

Cisco Open Network Environment Platform Unvalidated Pointer Vulnerability

A vulnerability in the Open Network Environment Platform ONEP could allow an authenticated, remote attacker to cause the network element to reload. The vulnerability is due to insufficient pointer validation. An attacker could exploit this vulnerability by sending a crafted packet to an ONEP...

6.3 CVSS | 1.8 AI score | 0.002 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/13 6:6 p.m. | 29 views

Cisco Unified MeetingPlace Application Server Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified MeetingPlace Application Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation ...

4.3 CVSS | 1.4 AI score | 0.00263 EPSS
Exploits: 0 | References: 1

Cisco
added 2013/09/13 3:49 p.m. | 25 views

Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework code of Cisco Unified MeetingPlace Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could...

4.3 CVSS | 2.7 AI score | 0.00122 EPSS
Exploits: 0 | References: 1

Total number of security vulnerabilities: 5218