Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability
A vulnerability in the administration.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the affected software implements an insecure HTTP connection between a Cisco SocialMiner client and server when...
Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerability
A vulnerability in the diagnostic module of the Cisco Virtualization Experience Client 6000 Series could allow an authenticated, non-privileged, local attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to lack of input validation in the diagnostic...
Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability
A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...
Cisco Digital Media System DMM Open Redirect Vulnerability
Cisco Digital Media Manager (DMM) contains a vulnerability that could allow an unauthenticated, remote attacker to cause the DMM to issue a redirect to an arbitrary third-party URL. The vulnerability is due to an open redirect issue in the DMM login page. An attacker could exploit this vulnerabilit...
Multiple Cisco Products Common Services ActiveMQ Denial of Service Vulnerability
A vulnerability in the integration of the ActiveMQ component used in products based on Common Services could allow an unauthenticated, remote attacker to consume available memory and cause a denial of service (DoS) condition. The vulnerability is due to improper handling of multiple TCP requests...
Cisco SocialMiner Sensitive Information GET Request Vulnerability
A vulnerability in some of the gadgets of Cisco SocialMiner could allow an unauthenticated, remote attacker to collect sensitive information. The vulnerability is due to sensitive information being transmitted within a gadget's GET request. An attacker could exploit this vulnerability by capturin...
Cisco Prime Network Control System Cross-Site Scripting Vulnerability
A vulnerability in the health monitor login page of Cisco Prime Network Control System (NCS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco SocialMiner Cross-Site Scripting Vulnerability
A vulnerability in the bookmarklet.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of th...
Cisco ASA Certificate Processing Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) Software versions for symmetric multi-processor (SMP) platforms contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the device to crash. The vulnerability is due to the SSL/TLS certificate handling code. An attacker could...
Cisco Jabber for Windows Certificate Validation Vulnerability
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this...
Cisco Global Site Selector Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco GSS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability
A vulnerability in the TACACS+ socket read function of Cisco Secure ACS versions 5.x could allow an unauthenticated, remote attacker to cause a runtime process to crash. The vulnerability is due to improper processing of read requests on the TACACS+ socket. An attacker could exploit this...
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to crash an affected player, and in some cases, could allow a remote attacker to execute arbitrary...
Cisco IOS Software TCP ACK Storm Vulnerability
A vulnerability in the TCP stack of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an ACK storm. The vulnerability is due to improper closing of an established TCP connection. An attacker could exploit this vulnerability by sending a crafted sequence of TCP ACK and FI...
Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability
A vulnerability in the Web Administrator Interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain parameters prior to processing them on the device. ...
Cisco Mobility Services Engine Anonymous Login Vulnerability
A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer (SSL). The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this...
Cisco ASA Protocol Inspection Connection Table Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA, preventing new connections from being established through the device. The vulnerability is due to the ASA not honoring the idle timeout f...
Cisco ISE Guest Portal Cross-Site Scripting Vulnerability
A vulnerability in the guest portal of the Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Cisco UCS 6100 Fabric Interconnect Memory Leak Denial of Service Vulnerability
A vulnerability in the memory management when executing either the show monitor session all or show monitor session command-line interface (CLI) commands on the Cisco Unified Computing System (UCS) 6100 Series Fabric Interconnects could allow an authenticated, local attacker to trigger a memory leak...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.32 could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this...
Cisco Secure Access Control Server Remote Command Execution Vulnerability
A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is...
Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability
A vulnerability in the captive portal application of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker or local, authenticated attacker to potentially gain access to the username and password of an authenticated session. The vulnerability is due to improper use of...
Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could interrupt the monitoring of voice services and exhaust...
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. Cisco has released software updates that address these vulnerabilities. Th...
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
Cisco Unified Communications Manager IM and Presence Service contains a denial of service (DoS) vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could cause an interruption of presence services. Cisco h...
Cisco IOS XR Internet Control Message Protocol Denial of Service Vulnerability
Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability that could allow an authenticated, local attacker to trigger a reload of the affected device by locally generating certain Internet Control Message Protocol (ICMP) messages. The vulnerability is due to a combination of Silic...
Cisco Finesse Directory Read Vulnerability
A vulnerability in the web interface of Cisco Finesse could allow an unauthenticated, remote attacker to read the contents of a directory on the server. The vulnerability is due to insufficient access controls on directory access. An attacker could exploit this vulnerability by visiting a URL tha...
Cisco Finesse User Data in Query Vulnerability
A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data. The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query...
Cisco TelePresence System Default Credentials Vulnerability
A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials. The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by...
Cisco WebEx Error Message Information Disclosure Vulnerability
A vulnerability in Cisco WebEx could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper error messages displayed by the affected software when handling requests to view another user's files. An attacker could exploit this vulnerability by...
Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability
A vulnerability in the web pages of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Unified Communications Manager Stack Trace Web Disclosure Vulnerability
An issue in the web portal of Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to view exception stack trace details. The issue is due to disclosure of exception stack trace details. An attacker could exploit this issue by generating a stack exception ...
Cisco Unified Communications Manager User Web Dialer Cross-Site Request Forgery Vulnerability
A vulnerability in the User WebDialer page of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerabilit...
Cisco Integrated Management Controller Denial of Service Vulnerability
Cisco Unified Computing System (UCS) C-Series Rack Server version 1.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause the Cisco Integrated Management Controller (CIMC), which is used for management/monitoring of the Cisco UCS Rack Server, to stop responding or a...
Cisco WebEx Meetings Server Inactive User Authentication Bypass Vulnerability
A vulnerability in the web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to manage meetings, including scheduling of meetings, after the authenticated user has been deactivated. The vulnerability is due to a failure to verify the active status of users...
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table,...
Cisco VC220 Network Dome Camera and Cisco VC240 Network Bullet Camera Denial of Service Vulnerabilities
The Cisco Video Surveillance VC220 Network Dome Camera and the Cisco VC240 Network Bullet Camera contain vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected devices, preventing web user interface (WebUI) access to the...
Cisco WAAS Central Manager Remote Code Execution Vulnerability
Cisco Wide Area Application Services (WAAS), when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that...
Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products
Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, remote attacker to execute arbitrary code on the affected system and on the devices...
Cisco Identity Services Engine High CPU Utilization Vulnerability
A vulnerability in the firewall implementation of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to cause high CPU utilization and possibly the crash of some internal processes. The vulnerability is due to insufficient implementation of the firewall rule to protect...
Cisco ASA Software Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN portal login page of the Cisco ASA could allow an unauthenticated, remote attacker to execute cross-site scripting (XSS) attacks or hijack user sessions. The vulnerability is due to a failure to properly validate user-supplied input in the WebVPN portal login page. An...
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints...
Cisco Unified MeetingPlace Web Conferencing Authorization Bypass Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace Web Conferencing Server could allow an unauthenticated, remote attacker to bypass certain access-control settings which may lead to the disclosure of information due to the attacker accessing restricted pages. The vulnerability is...
Cisco Unified Operations Manager Cross-Site Scripting Vulnerability
Vulnerabilities in the administrative web interface of Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to execute cross-site scripting attacks or hijack user sessions. The vulnerabilities are due to a failure to properly validate user-supplied input as well as...
Cisco Unified Operations Manager HTTP Header Injection Vulnerability
A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...
Cisco Aironet 3600 Series Access Point Denial of Service Vulnerability
A vulnerability in the Cisco Aironet 3600 Series Access Point could allow an unauthenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a memory corruption condition that could occur when the device switches between FlexConnect and Standalone mode. An...
Cisco Unified Operations Manager SQL Injection Vulnerability
A vulnerability in the management application of the Cisco Unified Operations Manager could allow an authenticated, remote attacker to execute arbitrary Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker...
Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability
A vulnerability in processing network traffic of the Cisco Unified IP Conference Station 7937G could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on the affected device. The vulnerability is due to resource constraints in processing a high rate of network...
Cisco IOS GET VPN Encryption Policy Bypass Vulnerability
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy. The vulnerability is due to the default, implicit policies set in place to permit Group Domain of Interpretation (GDOI) traffic to flow unencrypted...