5218 matches found
Cisco Unified Communications Manager Command Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to execute commands on the underlying operating system with the privileges of the database user. The vulnerability is due to improper validation of user-supplied input. An attacker cou...
Cisco Unified Communications Manager Blind SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, remote attacker to execute a blind Structured Query Language (SQL) injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker could exploit...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM) could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...
Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability
Cisco Unified Communications Manager (Unified CM) contains a vulnerability that could allow an unauthenticated, remote attacker to execute a blind Structured Query Language (SQL) injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker...
Multiple Vulnerabilities in Cisco Intrusion Prevention System Software
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities: Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability; Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability; Cisco IPS NME Malformed IP Packets Denial of Service...
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could...
Cisco 9900 Series Phone Arbitrary File Download Vulnerability
A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
Cisco Secure Access Control System Help Index Cross-Site Scripting Vulnerability
A vulnerability in the Access Control System Help index page of Cisco Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...
Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability
A vulnerability in the Administration pages of Cisco Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Unified MeetingPlace Web Conferencing Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Secure Access Control System Error Condition Information Disclosure Vulnerability
An issue in the web interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to view detailed error message information. The issue is due to insufficient filtering of error condition output. An attacker could exploit this issue by forcing the system to...
Cisco Identity Services Engine Software Administration Panel Cross-Site Scripting Vulnerability
A vulnerability in the search form of the Cisco ISE administration/monitoring panel could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by convincing...
Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco Access Control System (ACS) Administration and View pages could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in the web interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a...
Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the IptAccountMgmt, IptFeatureDisplayPolicyMgmt, IptFeatureConfigTemplateMgmt, and IptProviderMgmt pages of the Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is due to...
Cisco TC Software Empty Password Validation Vulnerability
A vulnerability in the web portal of Cisco TelePresence endpoints running TC software could allow an unauthenticated, remote attacker to log in with any password. The vulnerability is due to a failure of the Cisco TelePresence endpoints to require an exact match for the password before the user h...
Apache HTTP Server MERGE Request Denial of Service Vulnerability
A vulnerability in the mod_dav component of the Apache HTTP Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input while handling URI requests. An attacker could exploit the...
Cisco Unified Communications Management Products Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco unified communications management products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validati...
Cisco Virtualization Experience Client Privilege Escalation Vulnerability
A vulnerability in the function handling the operating system permissions of Cisco Virtualization Experience Client 6000 Series could allow an authenticated, local attacker to take full control of the affected system. The vulnerability is due to improper implementation of the permissions for the...
Cisco Nexus 1000V License Installation Command Injection Vulnerability
A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this...
Cisco TC Software SIP Implementation Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remote attacker to cause an endpoint to process unintended SIP NOTIFY messages. The vulnerability is due to errors in the SIP implementation. An attacker could exploit this...
Cisco Desktop Collaboration Experience DX600 Series Potential Code Injection Vulnerability
A vulnerability in an underlying Android Application Programming Interface (API) utilized by the Cisco Desktop Collaboration Experience DX600 series endpoint could allow an authenticated, local attacker to inject code into the system. The vulnerability is due to insufficient validation of specific...
Cisco Content Filtering Devices Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...
Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability
A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Prime for HCS Assurance Information Disclosure Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to access information about internal file system resources such as paths and names of files and directories. The vulnerability is due to insufficient security hardening of replies to crafted HTTP requests. An attacke...
Multiple Vulnerabilities in Cisco Email Security Appliance
Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. Successful...
Multiple Vulnerabilities in Cisco Content Security Management Appliance
Cisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by the following vulnerabilities: Web Framework Authenticated Command Injection Vulnerability; IronPort Spam Quarantine Denial of Service Vulnerability; Management GUI Denial of Service Vulnerability. These...
Multiple Vulnerabilities in Cisco Web Security Appliance
Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities: two authenticated command injection vulnerabilities; Management GUI Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one ...
Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability
Cisco ASA Next-Generation Firewall (NGFW) Services contains a Fragmented Traffic Denial of Service (DoS) vulnerability. Successful exploitation of this vulnerability on the Cisco ASA NGFW could cause the device to reload or stop processing user traffic that has been redirected by the parent Cisco...
Cisco Jabber Video Engine Denial of Service Vulnerability
A vulnerability in Cisco's Precision Video Engine (CVPE) code could allow an unauthenticated, remote attacker to cause the crash of various processes and the disconnection of any active calls. The vulnerability is due to improper handling of crafted Real-Time Protocol (RTP) packets sent at a high rat...
Cisco WebEx Social Cross-Site Request Forgery Vulnerability
A vulnerability in multiple web pages of Cisco WebEx Social could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contains an adjacent root acce...
Cisco Prime Central for Hosted Collaboration Solution Cross-Site Scripting Vulnerability
A vulnerability in the portal page of Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to a failure to properly...
Cisco ASA-CX TCP Traffic Denial of Service Vulnerability
A vulnerability in the processing of TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to invalid parsing of TCP packet data forwarded to Cisco ASA CX by the Cisco ASA. An attacker could exploit this vulnerability ...
Cisco Video Surveillance Operations Manager Help Page Redirect Vulnerability
A vulnerability in the help page of the Cisco Video Surveillance Operations Manager could allow an unauthenticated, remote attacker to load remote web pages on a victim's web browser. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Hosted Collaboration Mediation Excessive CPU Utilization Vulnerability
A vulnerability in the network stack of Cisco Hosted Collaboration Mediation could allow an unauthenticated, remote attacker to cause excessive CPU utilization on the affected system. The vulnerability is due to insufficient optimization of resources when the affected system is flooded with...
Cisco Access Control Server Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Access Control Server could allow an authenticated, remote attacker to access the report view functions of the portal without being given the proper privileges. The vulnerability is due to a failure to properly secure the report view...
Cisco WebEx Meetings Server Information Disclosure Vulnerability
A vulnerability in the Cisco WebEx Event Center module of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to gather event passwords and host keys. The vulnerability is due to a failure to authenticate some user requests. An attacker could exploit this vulnerability...
Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability
A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...
Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability
A vulnerability in the do_rewritelog function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could...
Cisco TelePresence System t-shell Denial of Service Vulnerability
A vulnerability in the t-shell implementation of Cisco TelePresence System Software could allow an authenticated, remote attacker to exhaust the available memory and create a denial of service (DoS) condition. The vulnerability is due to improper handling of orphaned t-shell sessions. An attacker...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability
Cryptographic issues in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to inject traffic or eavesdrop on the communications between a Virtual Supervisor Module (VSM) and a Virtual Ethernet Module (VEM). The issues are due to errors in the implementation of the cryptography...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability
A vulnerability in the implementation of the encryption for the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communications on the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to disable encryption and integrity protections on a per-packet basis. The...
Cisco Nexus 1000V VSM to vCenter Communication Man-in-the-Middle Vulnerability
A vulnerability in the SSL implementation of the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against Virtual Supervisor Module (VSM) to VMware vCenter communications. The vulnerability is due to improper verification of SSL security...
Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability
A vulnerability in the Cisco Nexus 1000V Virtual Ethernet Module (VEM) kernel driver for VMware ESXi could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash, resulting in a purple screen of death (PSOD). The vulnerability is due to insufficient validation of STUN protoco...
Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service Vulnerability
A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to cause a Virtual Supervisor Module (VSM) to report a Virtual Ethernet Module (VEM) as unavailable. The vulnerability is due to insufficient prioritization for VSM/VEM heartbeat messages. An attacker could explo...