Cisco Nexus 1000V Insufficient VSM/VEM Authentication Vulnerability
A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module (VEM) and associated port groups. The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module (VSM). An attacker could...
Cisco IOS XR Software SNMP Denial of Service Vulnerability
A vulnerability in the SNMP process on Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the affected process and a limited memory leak that affects the process. The vulnerability is due to not freeing allocated memory. An attacker could exploit this...
Cisco Secure Access Control System Session Fixation Web Vulnerability
A vulnerability in the web interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to acquire the session identifier of another user's session. The vulnerability is due to the lack of session identifier regeneration. An attacker could exploit this...
Cisco ACE Log Retention Denial of Service Vulnerability
A vulnerability in the SSL logging daemon of Cisco Application Control Engine (ACE) could allow an unauthenticated, remote attacker to cause a denial of service condition on the affected device. The vulnerability occurs because the Cisco ACE fails to rotate logs from SSL sessions, exhausting the ha...
Cisco Unified Communications Manager Authentication Denial of Service Vulnerability
A vulnerability in device authentication of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to impact application response. The vulnerability is due to incomplete throttling of authentication requests. An attacker could exploit this vulnerability by sendi...
Cisco WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability
A vulnerability in the user management page of WebEx Social could allow an authenticated, remote attacker to inject arbitrary values into the Screen Name, Email Address, First Name, Middle Name, Last Name, and Job Title fields. The vulnerability is due to insufficient server-side validation of...
Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability a...
Cisco Unified Presence Memory Exhaustion Vulnerability
A vulnerability in the web framework of Cisco Unified Presence could allow an unauthenticated, remote attacker to cause an increase in memory utilization. The vulnerability is due to improper handling of memory allocation when the affected system is flooded with malformed TCP packets. An attacker...
Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one...
Cisco ISM Malformed Authentication Header Packet Denial of Service Vulnerability
A vulnerability in authentication header packets processing on the Cisco ISM module for ISR G2 could allow an authenticated, remote attacker to cause a reload of the affected module. The vulnerability is due to improper processing of malformed authentication header packets. An attacker could...
Cisco Wireless LAN Controller Telnet Denial of Service Vulnerability
A vulnerability in Cisco Wireless LAN Controller Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for remote login Telnet sessions. The vulnerability is due to improper cleanup of incorrectly terminated remote login sessions. An exploit could...
Multiple Cisco WebEx Products Cache Directory Read Vulnerability
A vulnerability in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by passing a crafted HTTP request to a WebEx node and re...
Cisco IOS XR Software Crafted SNMP Packets Denial of Service Vulnerability
A vulnerability in the SNMP module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause the SNMP process to restart. The vulnerability is due to improper processing of crafted SNMP packets. An attacker could exploit this vulnerability by sending crafted SNMP packets to...
Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability
A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files. The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit...
Cisco TelePresence Management Suite SNMP Denial of Service Vulnerability
A vulnerability in the 64-bit SNMP server of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to terminate the TMSSNMPService.exe process. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending SNMP tra...
Cisco Nexus 7000 Frame Forwarding Loop Denial of Service Vulnerability
Cisco NX-OS Software running on Nexus 7000 Series Switches contains a vulnerability that could allow an unauthenticated, remote attacker with access to an adjacent network to cause a denial of service (DoS) condition. The vulnerability is due to mishandling of a specific type of nonstandard Etherne...
Cisco IPS SensorApp Regex Processing Denial of Service Vulnerability
Cisco Intrusion Prevention System (IPS) SensorApp contains a vulnerability that could allow a local attacker to cause a denial of service (DoS) condition. The vulnerability is due to a job failure in the Regex hardware when processing the control transaction getENGVirtualSensorStatistics. A local...
Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability
Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...
Cisco IOS XR Software SNMP Memory Leak Vulnerability
A vulnerability in the SNMP module of Cisco IOS XR could allow an authenticated, remote attacker to trigger a memory leak in the SNMP process. The vulnerability is due to insufficient checking of data input. An attacker could exploit this vulnerability by sending crafted SNMP packets to the devic...
Cisco ASA Software Easy VPN Privilege Escalation Vulnerability
A vulnerability in the Easy VPN feature of Cisco ASA Software running on Cisco ASA 5505 hardware could allow an authenticated, local attacker to elevate their privileges on the device running Cisco ASA Software. The vulnerability is due to a mishandling of privilege levels, which are temporarily...
Cisco Device Manager Command Execution Vulnerability
Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches whe...
Multiple Vulnerabilities in Cisco NX-OS-Based Products
Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by one or more of the following vulnerabilities: Multiple Cisco Discovery...
Multiple Vulnerabilities in Cisco Unified Computing System
Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabilities: Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability; Cisco Unified Computing System IPMI Buffer Overflow Vulnerability; Cisco Unified Computing Management API...
Cisco Adaptive Security Appliance Software and Firewall Services Module Software Time-Range Object Access List Bypass Vulnerability
A vulnerability in the implementation of the time-range object could allow an unauthenticated, remote attacker to bypass access lists that are using the time-range option. The vulnerability is due to improper implementation of the code for the time-range object, when the periodic command is used...
Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability
A vulnerability in the scripts editor software of the Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to have read access to scripts that are stored in the Cisco Unified CCX scripts repository. The vulnerability is due to improper privilege...
Cisco ASA Software VPN Group Enumeration Vulnerability
A vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...
Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability
A vulnerability in the implementation of the rewriter module of the Cisco Adaptive Security Appliance (ASA) Clientless SSL VPN could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to a race condition while accessing resources via the Commo...
Cisco TelePresence Infrastructure Denial of Service Vulnerability
Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate thi...
Cisco Network Admission Control Manager SQL Injection Vulnerability
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify any informatio...
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...
Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability; Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability; Cisco IOS XE...
Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability
A vulnerability in the Connection Manager component of Cisco Jabber Extensible Communications Platform (Jabber XCP) could allow an unauthenticated, remote attacker to crash the login connection manager service. The vulnerability is due to insufficient checking of received login data. An attacker...
Cisco Adaptive Security Appliance Software and Firewall Services Module Software Secure Shell Denial of Service Vulnerability
A vulnerability in the implementation of the Secure Shell (SSH) function could allow an unauthenticated, remote attacker to deny SSH management access to legitimate users. The vulnerability is due to improper implementation of the logic to terminate SSH sessions. An attacker could exploit this...
Cisco uBR10000 Series IPv4/IPv6 Dual Stack Vulnerability
Cisco uBR10000 Series Universal Broadband Routers contain a vulnerability that could allow an unauthenticated, adjacent attacker to trigger the reload of the routing engine on the affected device. An attacker could exploit this vulnerability by manipulating IPv4 and IPv6 address assignments on a...
Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Privilege Elevation Vulnerability
The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains multiple vulnerabilities that could allow a local, unprivileged user to elevate privileges to those of SYSTEM. Cisco has confirmed the vulnerability in a security notice and software updates are...
Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Heap Overflow Vulnerability
The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains a heap overflow vulnerability that could allow a local, unprivileged user to elevate its privileges to those of SYSTEM. Cisco has confirmed the vulnerability in a security notice and software updat...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution
Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to...
Multiple Vulnerabilities in Cisco ASA Software
Cisco ASA Software is affected by the following vulnerabilities: IKE Version 1 Denial of Service Vulnerability; Crafted URL Denial of Service Vulnerability; Denial of Service During Validation of Crafted Certificates; DNS Inspection Denial of Service Vulnerability. These vulnerabilities are independe...
Multiple Vulnerabilities in Cisco Firewall Services Module Software
Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: FWSM HTTP Proxy Traceback Vulnerability; IKE Version 1 Denial of Service Vulnerability. These vulnerabilities are independent of each othe...
Cisco Prime Network Control Systems Database Default Credentials Vulnerability
Cisco Prime Network Control System (NCS) appliances that are running software versions prior to 1.1.2 contain a database user account that is created with default credentials. An attacker could use this account to modify the configuration of the application or disrupt services. Cisco has released...
Cisco Tivoli Business Service Manager Denial of Service Vulnerability
Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS). An attacker could exploit this vulnerability by sending a flood of TCP...
Cisco Connected Grid Network Management System SQL Injection Vulnerabilities
A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities
Cisco Connected Grid Network Management System (CG-NMS) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco Connected Grid Network Management System is susceptible to cross-site scripting (XSS) vulnerabilities in the...
Cisco IOS Software Network Address Translation Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of a vulnerable device. The vulnerability is due to improper translation of valid Session Initiation Protocol (SIP) packets across a Network Address Translation (NAT) boundary. An attack...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...
Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticate...
Cisco IOS Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released...
Cisco IOS Software Network Address Translation Vulnerability
The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released...
Cisco IOS Software IP Service Level Agreement Vulnerability
The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address thi...
Cisco IOS Software Protocol Translation Vulnerability
The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are...