Cisco IOS Software Protocol Translation Vulnerability
The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are...
Cisco IOS Software IP Service Level Agreement Vulnerability
The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address thi...
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affecte...
Cisco IOS Software Internet Key Exchange Vulnerability
The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:...
Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticate...
Cisco IOS Software Network Address Translation Vulnerability
The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released...
Cisco IOS Software Smart Install Denial of Service Vulnerability
The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released...
Cisco Jabber IM for Android Denial of Service Vulnerability
A vulnerability in the XML parser of Cisco Jabber IM for Android could allow an authenticated, remote attacker to prevent the client from connecting, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted Extensible Messaging and Presence Protocol (XMPP)...
Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project "http://hashcat.net/oclhashcat-plus/" on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT o...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability
Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...
Cisco MARS Information Disclosure Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System (MARS) could allow an unauthenticated, remote attacker to have "read" access to part of information stored in the affected system. The vulnerability is due to improper handling of X...
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released software updates that address...
Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could interrupt the monitoring of voice services. Cisco has released...
Cisco Unified Presence Server Denial of Service Vulnerability
Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released software updates that address this vulnerability. A workaround is available to mitigate this...
Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper implementation of the Network Address Translation (NAT) process by the affected software...
Multiple Cisco Products Root Shell Access Vulnerability
Multiple Cisco products contain a vulnerability that could allow a local attacker to gain shell access with root privileges. The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface (CLI) on Cisco products running the affected software. A local...
Cisco Unity Connection Memory Leak Denial of Service Vulnerability
Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit...
Cisco Small Business Wireless Access Points SSID Validation Vulnerability
Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of the Service Set Identifier (SSID) when the affected product is performing a "site...
Cisco Unified MeetingPlace Server Cross-Site Scripting Vulnerability
Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...
Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability
Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...
Cisco NAC Appliance Cross-Site Scripting Vulnerability
Cisco NAC Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could explo...
Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability
Cisco Nexus 7000 M1-Series Modules contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect handling of crafted packets processed by the affected software. An unauthenticated, remote attacker cou...
Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that...
Cisco Unity Express Cross-Site Scripting Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...
Cisco Unity Express Multiple Cross-Site Request Forgery Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An...
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests. This...
Cisco Carrier Routing System Small Packets Denial of Service Vulnerability
Cisco Carrier Routing System (CRS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of malformed packets processed by the affected software. An...
Cisco Wireless LAN Controllers Wireless Intrusion Prevention System Denial of Service Vulnerability
Cisco Wireless LAN Controllers (WLC) Wireless Intrusion Prevention System (wIPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted IP packets by the wIPS software component...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability; Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service...
Cisco TelePresence Video Communication Server Policy Services Security Bypass Vulnerability
Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. The vulnerability is due to improper processing of certain search rules processed by the affected software. An...
Cisco VPN Client Denial of Service Vulnerability
Cisco VPN Client contains a vulnerability that could allow an authenticated, local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper interaction between the VPN driver and the operating system kernel on a device running the vulnerable...
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released software...
Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability
Cisco Unified IP Phones 7900 Series versions 9.31SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kerne...
Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
Cisco Unified IP Phones 7900 Series versions 9.31SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kerne...
Cisco Prime LAN Management Solution Command Execution Vulnerability
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands...
Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability
Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker cou...
Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability
Cisco Wireless LAN Controller (WLC) Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management...
Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affecte...
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue
The Cisco Product Security Incident Response Team (PSIRT) would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) with deployments that have Cisco Virtual Security Gateway (VSG)...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the...
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities: Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability; Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability. Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL...
Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released software updates that address this...
Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
The Cisco WebEx Recording Format (WRF) player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx WRF Player is an application...
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability; SSL VPN Authentication Denial of Service Vulnerability; SIP Inspection Media Upda...
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: DCERPC Inspection Buffer Overflow Vulnerability; DCERPC Inspection Denial Of Service Vulnerabilities. These vulnerabilities are not...
Cisco IOS SSL VPN Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an error in the SSL VPN component of the affected software. An authenticated, remote attacker could exploit...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software Network Address Translation (NAT) feature contains two denial of service (DoS) vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released software updates that address...