Cisco Security Vulnerabilities

CVE-2019-1828

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user ...

CVSS 8.1, AI Score 8.2, EPSS 0.002

2019-04-04 04:29 PM

CVE-2019-1829

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is du...

CVSS 6.7, AI Score 6.4, EPSS 0.0004

2019-04-18 02:29 AM

CVE-2019-1830

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administ...

CVSS 4.9, AI Score 5.1, EPSS 0.001

2019-04-18 02:29 AM

CVE-2019-1831

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker c...

CVSS 5.8, AI Score 5.3, EPSS 0.001

2019-04-18 02:29 AM

CVE-2019-1832

A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. The vulnerability is due to improper validation of ICMP packets. An attacker could exploit this vulnerability by sen...

CVSS 7.5, AI Score 7.5, EPSS 0.001

2019-05-16 02:29 AM

CVE-2019-1833

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a T...

CVSS 5.8, AI Score 5.7, EPSS 0.001

2019-05-16 02:29 AM

CVE-2019-1834

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerab...

CVSS 7.4, AI Score 6.5, EPSS 0.001

2019-04-18 02:29 AM

CVE-2019-1835

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...

CVSS 4.4, AI Score 4.5, EPSS 0.0004

2019-04-18 02:29 AM

CVE-2019-1836

A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...

CVSS 7.1, AI Score 6.6, EPSS 0.0004

2019-05-03 05:29 PM

CVE-2019-1837

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS...

CVSS 7.5, AI Score 7.5, EPSS 0.001

2019-04-18 02:29 AM

CVE-2019-1838

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabili...

CVSS 5.4, AI Score 5.2, EPSS 0.001

2019-05-03 05:29 PM

CVE-2019-1839

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker...

CVSS 6.7, AI Score 6.7, EPSS 0.0004

2019-08-21 07:15 PM

CVE-2019-1840

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...

CVSS 8.6, AI Score 7.6, EPSS 0.001

2019-04-18 02:29 AM

CVE-2019-1841

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vul...

CVSS 8.1, AI Score 8, EPSS 0.002

2019-04-18 02:29 AM

CVE-2019-1842

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of acti...

CVSS 5.4, AI Score 7.3, EPSS 0.001

2019-06-05 05:29 PM

CVE-2019-1843

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial ...

CVSS 8.6, AI Score 7.5, EPSS 0.002

2019-06-20 03:15 AM

CVE-2019-1844

A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected d...

CVSS 5.3, AI Score 5.2, EPSS 0.001

2019-05-03 05:29 PM

CVE-2019-1845

A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users a...

CVSS 8.6, AI Score 8.5, EPSS 0.002

2019-06-05 05:29 PM

CVE-2019-1846

A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) conditi...

CVSS 7.4, AI Score 7.4, EPSS 0.001

2019-05-16 02:29 AM

CVE-2019-1848

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could...

CVSS 9.3, AI Score 9.2, EPSS 0.001

2019-06-20 03:15 AM

CVE-2019-1849

A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due ...

CVSS 7.4, AI Score 6.5, EPSS 0.001

2019-05-16 02:29 AM

CVE-2019-1850

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator ...

CVSS 7.2, AI Score 7.1, EPSS 0.001

2019-08-21 07:15 PM

CVE-2019-1851

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implem...

CVSS 6.8, AI Score 6.6, EPSS 0.001

2019-05-16 02:29 AM

CVE-2019-1852

A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...

CVSS 6.1, AI Score 5.9, EPSS 0.002

2019-05-03 05:29 PM

CVE-2019-1853

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker cou...

CVSS 7.5, AI Score 7.3, EPSS 0.003

2019-05-16 02:29 AM

CVE-2019-1854

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this...

CVSS 4.3, AI Score 4.7, EPSS 0.004

2019-05-03 05:29 PM

CVE-2019-1855

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulner...

CVSS 7.3, AI Score 7.3, EPSS 0.0004

2019-07-04 08:15 PM

CVE-2019-1856

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to t...

CVSS 6.1, AI Score 6.1, EPSS 0.002

2019-05-03 05:29 PM

CVE-2019-1857

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for...

CVSS 8.8, AI Score 8.8, EPSS 0.001

2019-05-03 05:29 PM

CVE-2019-1858

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. ...

CVSS 8.6, AI Score 8.3, EPSS 0.002

2019-05-16 02:29 AM

CVE-2019-1859

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. ...

CVSS 7.2, AI Score 7.2, EPSS 0.001

2019-05-03 05:29 PM

CVE-2019-1860

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validat...

CVSS 5.9, AI Score 5.5, EPSS 0.002

2019-05-16 02:29 AM

CVE-2019-1861

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by...

CVSS 7.2, AI Score 7.3, EPSS 0.011

2019-06-05 05:29 PM

CVE-2019-1862

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes u...

CVSS 7.2, AI Score 6.8, EPSS 0.003

2019-05-13 08:29 PM

CVE-2019-1863

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...

CVSS 8.1, AI Score 7.9, EPSS 0.001

2019-08-21 07:15 PM

CVE-2019-1864

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

CVSS 8.8, AI Score 8.9, EPSS 0.002

2019-08-21 07:15 PM

CVE-2019-1865

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...

CVSS 8.8, AI Score 8.6, EPSS 0.002

2019-08-21 07:15 PM

CVE-2019-1866

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-t...

CVSS 3.7, AI Score 4.5, EPSS 0.001

2020-04-13 05:15 PM

CVE-2019-1867

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted req...

CVSS 10, AI Score 9.8, EPSS 0.021

2019-05-10 12:29 PM

CVE-2019-1868

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could expl...

CVSS 7.5, AI Score 7.5, EPSS 0.002

2019-06-05 05:29 PM

CVE-2019-1869

A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerabili...

CVSS 8.6, AI Score 7.5, EPSS 0.001

2019-06-20 03:15 AM

CVE-2019-1870

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

CVSS 6.1, AI Score 6, EPSS 0.002

2019-06-05 05:29 PM

CVE-2019-1871

A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is ...

CVSS 7.2, AI Score 7.5, EPSS 0.001

2019-08-21 07:15 PM

CVE-2019-1872

A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the af...

CVSS 5.3, AI Score 5.5, EPSS 0.001

2019-06-05 05:29 PM

CVE-2019-1873

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secur...

CVSS 8.6, AI Score 8.5, EPSS 0.002

2019-07-10 06:15 PM

CVE-2019-1874

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-b...

CVSS 8.8, AI Score 8.8, EPSS 0.001

2019-06-20 03:15 AM

CVE-2019-1875

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by ...

CVSS 4.8, AI Score 5, EPSS 0.001

2019-06-20 03:15 AM

CVE-2019-1876

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could ex...

CVSS 5.3, AI Score 5.4, EPSS 0.001

2019-06-20 03:15 AM

CVE-2019-1877

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit...

CVSS 6.5, AI Score 6.6, EPSS 0.004

2019-11-05 08:15 PM

CVE-2019-1878

A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insuf...

CVSS 8.8, AI Score 8.9, EPSS 0.001

2019-06-20 03:15 AM
Total number of security vulnerabilities: 6090