5218 matches found
Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
Cisco IOS Software contains a queue wedge vulnerability that can be triggered when processing IP tunneled packets. Only Cisco IOS Software running on the Cisco 10000 Series router has been demonstrated to be affected. Successful exploitation of this vulnerability may prevent traffic from...
Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability
The Catalyst 4500E series switch with Supervisor Engine 7L-E contains a denial of service (DoS) vulnerability when processing specially crafted packets that can cause a reload of the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
Cisco Identity Services Engine contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the ISE Administrator...
Cisco Software Encryption Library Information Disclosure Vulnerability
Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is in the encryption library used by the vulnerable software. This library allows a portion of an encrypted packet to be sent...
Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability
A denial of service (DoS) vulnerability exists in Cisco Unified Presence and Jabber Extensible Communications Platform (Jabber XCP). An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) stream header to an...
Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability
Cisco ASA-CX Context-Aware Security appliance and Cisco Prime Security Manager (PRSM) contain a denial of service (DoS) vulnerability in versions prior to 9.0.2-103. Successful exploitation of this vulnerability on the Cisco ASA-CX could cause the device to stop processing user traffic and prevent...
Cisco Unified Computing System Fabric Interconnect SNMP Message Processing Denial of Service Vulnerability
Cisco Unified Computing System contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to errors in processing malicious Simple Network Management Protocol (SNMP) messages by the affected software. An...
Cisco IOS Authentication Request Processing Denial of Service Vulnerability
Cisco IOS contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of web authentication requests. An authenticated, remote attacker could exploit the vulnerability by sending malicious...
Cisco IOS Software Music on Hold Information Disclosure Vulnerability
Cisco IOS software contains a vulnerability that could allow an unauthenticated, remote attacker to access and disclose sensitive information. The vulnerability is due to insecure handling of multicast network traffic. An unauthenticated, remote attacker could exploit the vulnerability by...
Cisco IP Communicator Certificate Trust List Man-in-the-Middle Attack Vulnerability
Cisco IP Communicator contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on a targeted system. The vulnerability is due to insufficient validation of signing certificates in the Certificate Trust List which have been accepted by end...
Cisco NX-OS FCIP Remote Denial of Service Vulnerability
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit...
Cisco Wide Area Application Services Appliances One-Way Hash Information Disclosure Vulnerability
Cisco Wide Area Application Services Appliances software contains a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to a design error that allows user passwords to be displayed within output text as a one-way has...
Cisco Unified Computing System Remote Denial of Service Vulnerability
Cisco Unified Computing System contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of user-supplied SSH requests by affected software. An unauthenticated,...
Cisco IOS SSL VPN Portal Page Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an unspecified issue that causes a device running the vulnerable software to reload when the web browser...
Cisco Carrier Routing System Security Bypass Vulnerability
Cisco Carrier Routing System contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security protections and gain unauthorized network access. The vulnerability is due to improper handling of IP version 4 (IPv4) fragments in the affected device. An unauthenticated,...
Cisco AnyConnect Secure Mobility Client Man-in-the-Middle Attack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability is due to insufficient validation of certificates to be accepted by end users. An unauthenticated, remote attacker can exploit...
Cisco Emergency Responder Remote Denial of Service Vulnerability
Cisco Emergency Responder contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of malformed UDP packets by the affected software. An unauthenticated, remote...
Cisco AnyConnect Secure Mobility Client WebLaunch Session Hijack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to hijack WebLaunch sessions, which could allow the attacker to intercept sensitive information. The vulnerability is due to the failure to perform certificate name checking in an...
Cisco AnyConnect Secure Mobility Client IPsec Certificate Validation Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks. The vulnerability exists because the affected software does not perform certificate name checking in an X.509 certificate when the software i...
Cisco ASA 5500 Series Adaptive Security Appliance Clientless WebVPN Remote Denial of Service Vulnerability
The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use th...
Multiple Vulnerabilities in Cisco TelePresence Recording Server
Cisco TelePresence Recording Server contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability; Cisco TelePresence Web Interface Command Injection; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of...
Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Cisco TelePresence Multipoint Switch contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of the Cisco TelePresence Malformed IP Packets Denial o...
Multiple Vulnerabilities in Cisco TelePresence Manager
Cisco TelePresence Manager contains the following vulnerabilities: Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service...
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Cisco TelePresence Endpoint devices contain the following vulnerabilities: Cisco TelePresence API Remote Command Execution Vulnerability; Cisco TelePresence Remote Command Execution Vulnerability; Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability. Exploitation of the AP...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on th...
Cisco AnyConnect Secure Mobility Client and Secure Desktop WebLaunch Software Downgrade Vulnerability
Cisco AnyConnect Secure Mobility Client and Secure Desktop contain a vulnerability that could allow an unauthenticated, remote attacker to replace software components on a targeted system. The vulnerability exists because the affected software performs insufficient validation of user-supplied...
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability is due to insufficient validation of user-supplied input that is received by the 64-bit Java applet that perfor...
Cisco AnyConnect Secure Mobility Client Software Downgrade Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to replace software components. The vulnerability is due to improper sanitization of user-supplied input by the affected software's download feature. An unauthenticated, remote...
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released software updates that address this...
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability; Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability; Cisco AnyConnect Secure...
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability
Cisco Scientific Atlanta cable modems D20 and D30 based products contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. An...
Cisco Small Business Devices Cross-Site Scripting Vulnerability
Cisco Small Business Voice Gateways and Analog Telephone Adapters (ATAs) and Cisco Small Business SPA 500 Series IP Phones contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to a lack of sanitization of...
Cisco IOS XR Software Route Processor Denial of Service Vulnerability
Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco...
Cisco ASA 5500 Series Adaptive Security Appliance Cut-Through Proxy Authentication Information Disclosure Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliance firmware contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to improper proxy authentication during attempts to cut through a targeted system...
Cisco Unified MeetingPlace Directory Enumeration Information Disclosure Vulnerability
Cisco Unified MeetingPlace software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to an unspecified error in the affected software that could allow an attacker to enumerate existing...
Cisco Unified MeetingPlace SQL Injection Vulnerability
Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system. The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attack...
CiscoWorks Prime LAN Management Solution CRLF Injection and HTTP Response Splitting Vulnerability
Cisco Prime LAN Management Solution versions prior to 4.2 contain a vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary code and conduct HTTP response-splitting attacks on a targeted system. The vulnerability exists because the affected software improperly...
Cisco IronPort Web Security Appliance AsyncOS SSL Certificate Caching Vulnerability
Cisco IronPort Web Security Appliance AsyncOS software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks against a targeted system. The vulnerability is in the insecure SSL implementation of the affected operating system due to...
Cisco IronPort Web Security Appliance basicConstraints Parameter Processing Man-in-the-Middle Vulnerability
Cisco IronPort Web Security Appliance (WSA) software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks against a targeted system. The vulnerability is in the insecure SSL implementation of the affected operating system due to improper...
Buffer Overflow Vulnerabilities in the Cisco WebEx Player
The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications tha...
Cisco IOS Software Network Address Translation Vulnerability
Cisco IOS Software Reverse SSH Denial of Service Vulnerability
The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted...
Cisco IOS Software Zone-Based Firewall Vulnerabilities
Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features
Cisco IOS Software Multicast Source Discovery Protocol Vulnerability
Cisco IOS Software RSVP Denial of Service Vulnerability
Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of...
Cisco IOS Internet Key Exchange Vulnerability
Cisco IOS Software Command Authorization Bypass
Cisco IOS Software Smart Install Denial of Service Vulnerability