8 matches found
CVE-2018-0368
Cisco DNA Center (CVE-2018-0368) contains an information-disclosure vulnerability allowing an authenticated, local attacker to read unprotected log files that may include system credentials due to insufficient security restrictions. Affected product: Cisco DNA Center. Root cause: lack of proper a...
CVE-2016-1386
CVE-2016-1386 affects the Cisco APIC-EM (APIC-Enterprise Module) API in version 1.0(1). The API vulnerability allows remote attackers to spoof administrator notifications by sending crafted attribute-value pairs (Bug CSCux15521). Root cause: insufficient protection of API functions. Impact per source...
CVE-2016-1305
CVE-2016-1305 is a Cross-Site Scripting (XSS) vulnerability in Cisco APIC-EM 1.1. The issue stems from insufficient sanitization of HTML entities in the web framework, enabling remote attackers to inject arbitrary script/HTML via vectors involving HTML entities (Bug ID CSCux15511). The NVD listin...
CVE-2015-6337
CVE-2015-6337 describes a cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10. A crafted hostname in an SNMP response can let a remote attacker inject arbitrary web script/HTML, potentially hijacking browser sessions or...
CVE-2017-12262
Cisco APIC-EM (Application Policy Infrastructure Controller Enterprise Module) 1.x before 1.5 is affected by a firewall configuration flaw. The misconfigured firewall rule allows traffic arriving at the device’s public interface to be forwarded to the internal virtual network, enabling an unauthe...
CVE-2018-0427
CVE-2018-0427 affects the Cisco DNA Center CronJob scheduler API. An authenticated remote attacker could exploit improper input validation to execute arbitrary commands with root privileges. This aligns with multiple linked sources describing a command-injection vulnerability. The advisory notes ther...
CVE-2016-1365
CVE-2016-1365 affects Cisco APIC-EM (Grapevine update process) and allows an authenticated remote attacker to execute arbitrary commands as root via a crafted upgrade parameter. The root cause is insufficient input sanitization during the Grapevine update process. Impact is remote code execution ...
CVE-2016-1318
Cisco APIC-EM (Enterprise Module) 1.1 is affected by CVE-2016-1318, a cross-site scripting vulnerability in the web framework that permits remote injection of arbitrary script/HTML via crafted markup data. Root cause described as insufficient input validation in the web framework. Cisco advisory ...