5218 matches found
Cisco IOS Software Internet Key Exchange Vulnerability
The Cisco IOS Software Internet Key Exchange IKE feature contains a denial of service DoS vulnerability. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:...
Cisco Jabber IM for Android Denial of Service Vulnerability
A vulnerability in the XML parser of Cisco Jabber IM for Android could allow an authenticated, remote attacker to prevent the client to connect, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted Extensible Messaging and Presence Protocol XMPP...
Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project "http://hashcat.net/oclhashcat-plus/" on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT o...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...
Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability
Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...
Cisco MARS Information Disclosure Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System MARS could allow an unauthenticated, remote attacker to have "read" access to part of information stored in the affected system. The vulnerability is due to improper handling of X...
Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released software updates that address...
Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
Cisco Prime Central for Hosted Collaboration Solution HCS Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. Exploitation of this vulnerability could interrupt the monitoring of voice services. Cisco has released...
Cisco Unified Presence Server Denial of Service Vulnerability
Cisco Unified Presence Server CUPS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. Cisco has released software updates that address this vulnerability. A workaround is available to mitigate this...
Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
Cisco Adaptive Security Appliance ASA Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper implementation of the Network Address Translation NAT process by the affected software...
Multiple Cisco Products Root Shell Access Vulnerability
Multiple Cisco products contain a vulnerability that could allow a local attacker to gain shell access with root privileges. The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface CLI on Cisco products running the affected software. A local...
Cisco Unity Connection Memory Leak Denial of Service Vulnerability
Cisco Unity Connection contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of user-supplied requests by the affected software. An unauthenticated, remote attacker could exploit...
Cisco Small Business Wireless Access Points SSID Validation Vulnerability
Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker cause a denial of service DoS condition. The vulnerability is due to improper validation of the Service Set Identifier SSID when the affected product is performing a "site...
Cisco Unified MeetingPlace Server Cross-Site Scripting Vulnerability
Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...
Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability
Cisco Unified MeetingPlace Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerability is due to insufficient sanitization of user-supplied input processed by the Cisco Unified MeetingPlace software. An...
Cisco NAC Appliance Cross-Site Scripting Vulnerability
Cisco NAC Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could explo...
Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability
Cisco Nexus 7000 M1-Series Modules contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incorrect handling of crafted packets processed by the affected software. An unauthenticated, remote attacker cou...
Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that...
Cisco Unity Express Cross-Site Scripting Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...
Cisco Unity Express Multiple Cross-Site Request Forgery Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An...
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
The Portable Software Developer Kit SDK for Universal Plug-n-Play UPnP Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol SSDP requests. This...
Cisco Carrier Routing System Small Packets Denial of Service Vulnerability
Cisco Carrier Routing System CRS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to the improper handling of malformed packets processed by the affected software. An...
Cisco Wireless LAN Controllers Wireless Intrusion Prevention System Denial of Service Vulnerability
Cisco Wireless LAN Controllers WLC Wireless Intrusion Prevention System wIPS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper handling of crafted IP packets by the wIPS software component...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller Cisco WLC product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System wIPS Denial of Service Vulnerability Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service...
Cisco TelePresence Video Communication Server Policy Services Security Bypass Vulnerability
Cisco TelePresence Video Communication Server VCS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. The vulnerability is due to improper processing of certain search rules processed by the affected software. An...
Cisco VPN Client Denial of Service Vulnerability
Cisco VPN Client contains a vulnerability that could allow an authenticated, local attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper interaction between the VPN driver and the operating system kernel on a device running the vulnerable...
Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
A vulnerability in Cisco Adaptive Security Appliance ASA Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released software...
Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability
Cisco Unified IP Phones 7900 Series versions 9.31SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kerne...
Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
Cisco Unified IP Phones 7900 Series versions 9.31SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kerne...
Cisco Prime LAN Management Solution Command Execution Vulnerability
Cisco Prime LAN Management Solution LMS Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands...
Cisco Wireless LAN Controller Software Form Post Denial of Service Vulnerability
Cisco Wireless LAN Controller Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of user-supplied input to the affected software. An authenticated, remote attacker cou...
Cisco Wireless LAN Controller Cross-Site Request Forgery Vulnerability
Cisco Wireless LAN Controller WLC Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the WLC management...
Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
Cisco IronPort Email Security Appliances ESA and Cisco IronPort Web Security Appliances WSA include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affecte...
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue
The Cisco Product Security Incident Response Team PSIRT would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.21SV15.2 with deployments that have Cisco Virtual Security Gateway VSG...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the...
Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability
Cisco Unified MeetingPlace Web Conferencing contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a SQL injection attack. The vulnerability is due to insufficient validation of user-supplied input to an HTTP POST method. An unauthenticated, remote attacker could...
Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
Cisco Unified MeetingPlace Web Conferencing is affected by two vulnerabilities: Cisco Unified MeetingPlace Web Conferencing SQL Injection Vulnerability Cisco Unified MeetingPlace Web Conferencing Buffer Overrun Vulnerability Exploitation of the Cisco Unified MeetingPlace Web Conferencing SQL...
Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
Cisco Prime Data Center Network Manager DCNM contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released software updates that address this...
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: DCERPC Inspection Buffer Overflow Vulnerability DCERPC Inspection Denial Of Service Vulnerabilities These vulnerabilities are not...
Multiple Vulnerabilities in the Cisco WebEx Recording Format Player
The Cisco WebEx Recording Format WRF player contains six buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx WRF Player is an application...
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Cisco ASA 5500 Series Adaptive Security Appliances ASA and Cisco Catalyst 6500 Series ASA Services Module ASASM may be affected by the following vulnerabilities: DHCP Memory Allocation Denial of Service Vulnerability SSL VPN Authentication Denial of Service Vulnerability SIP Inspection Media Upda...
Cisco IOS SSL VPN Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to an error in the SSL VPN component of the affected software. An authenticated, remote attacker could exploit...
Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability in the Intrusion Prevention System IPS feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if specific Cisco IOS IPS configurations exist. Cisco has released software updates that address this...
Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
Cisco Unified Communications Manager contains a vulnerability in its Session Initiation Protocol SIP implementation that could allow an unauthenticated, remote attacker to cause a critical service to fail, which could interrupt voice services. Affected devices must be configured to process SIP...
Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
Cisco IOS Software contains a vulnerability in the Border Gateway Protocol BGP routing protocol feature. The vulnerability can be triggered when the router receives a malformed attribute from a peer on an existing BGP session. Successful exploitation of this vulnerability can cause all BGP...
Cisco IOS Software DHCP Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a single DHCP packet to or through an affected device, causing the device to reload. Cisco has...
Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software Network Address Translation NAT feature contains two denial of service DoS vulnerabilities in the translation of IP packets. The vulnerabilities are caused when packets in transit on the vulnerable device require translation. Cisco has released software updates that address...
Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability
Cisco IOS Software and Cisco IOS XE Software contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by sending a crafted request to an affected device that has the DHCP version 6 DHCPv6...
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability exists in the Session Initiation Protocol SIP implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause an affected device to reload. Affected devices must be configured to process SIP messages and for pass-through...