30 matches found
CVE-2019-1903
CVE-2019-1903 affects Cisco Security Manager and is caused by improper restriction of XML entities, enabling XML External Entity (XXE) injection. An unauthenticated remote attacker can submit malicious XML to read local files (information disclosure) or exhaust resources (DoS). Exploitation is de...
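The XXE class summarized above comes down to an XML parser that honours DOCTYPE and entity declarations in attacker-supplied input. The following added example (written for this page; it is not Cisco code and says nothing about how CSM parses XML) shows the hardening a practitioner applies: refuse any DTD, entity declaration or external entity reference at parse time using only Python's built-in expat binding. The sample documents are constructed.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when a document carries DOCTYPE/entity machinery."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source, refusing DTDs and entities.

    Returns {"root": <root element name>, "text": <joined character data>}.
    Raises UnsafeXML for any DOCTYPE, entity declaration or external entity
    reference, which closes both the file-read and the entity-expansion
    (resource exhaustion) variants of XXE.
    """
    parser = expat.ParserCreate()
    result = {"root": None, "text": []}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # A machine-to-machine API has no business accepting a DOCTYPE; the
        # internal subset is where <!ENTITY xxe SYSTEM "file:///..."> lives.
        raise UnsafeXML(f"DOCTYPE not allowed (name={name!r}, system id={sysid!r})")

    def on_entity_decl(name, is_pe, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed: {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        # Expat would otherwise try to resolve the reference; fail loudly instead.
        raise UnsafeXML(f"external entity reference not allowed: {sysid!r}")

    def on_start(name, attrs):
        if result["root"] is None:
            result["root"] = name

    def on_chardata(text):
        result["text"].append(text)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chardata
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    result["text"] = "".join(result["text"])
    return result


# Constructed sample inputs (not captured from any real system).
BENIGN = b'<?xml version="1.0"?><device><name>fw-edge-01</name></device>'
XXE_FILE_READ = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<device><name>&xxe;</name></device>'
)
ENTITY_EXPANSION = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE lolz [<!ENTITY lol "lol">'
    b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
    b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">]>'
    b'<device>&lol3;</device>'
)


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))
    for doc in (XXE_FILE_READ, ENTITY_EXPANSION):
        print("rejected" if is_rejected(doc) else "ACCEPTED", doc[:60])
```

Rejecting the DOCTYPE outright is the simplest rule and is what defusedxml's `forbid_dtd` does; the entity handlers are kept as a second layer in case a parser configuration ever lets a DOCTYPE through.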
CVE-2022-20647
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities caused by insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link to execute arbitrary script code within the interface or access browser-base...
CVE-2020-27130
Cisco Security Manager (CSM) contains a path-traversal vulnerability (CVE-2020-27130) that allows an unauthenticated, remote attacker to download arbitrary files from an affected device. The root cause is improper validation of directory traversal sequences in requests to CSM, enabling crafted re...
CVE-2020-27125
CVE-2020-27125 concerns Cisco Security Manager, where insufficient protection of static credentials allowed unauthenticated, remote access to sensitive information by viewing source code. Connected documents confirm affected versions are prior to 4.22 and indicate Cisco released fixes in Release ...
CVE-2022-20635
CVE-2022-20635 refers to multiple cross-site scripting vulnerabilities in the web-based management interface of Cisco Security Manager. The flaws arise from insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to persuade a user to click a crafted link and ...
CVE-2022-20641
CVE-2022-20641 affects Cisco Security Manager’s web-based management interface. The vulnerabilities stem from insufficient input validation, enabling an unauthenticated attacker to perform cross-site scripting by tricking a user into clicking a crafted link. Impact described: execution of arbitra...
CVE-2020-27131
Cisco Security Manager is affected by CVE-2020-27131 due to insecure Java deserialization of user-supplied content. An unauthenticated, remote attacker can send a malicious serialized Java object to a specific listener and execute arbitrary commands on the target device with SYSTEM privileges on ...
CVE-2022-20642
CVE-2022-20642 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s Web-based management interface. The root cause is insufficient validation/handling of user-supplied input, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link an...
CVE-2022-20637
CVE-2022-20637 affects Cisco Security Manager web-based management interface. Multiple cross-site scripting vulnerabilities arise from insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially allowing execution of...
CVE-2022-20645
CVE-2022-20645 concerns Cisco Security Manager. The issue is cross-site scripting via the web-based management interface caused by inadequate input validation. An unauthenticated, remote attacker can lure a user to click a crafted link to execute arbitrary script code in the interface context or ...
CVE-2022-20643
CVE-2022-20643 involves multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface, caused by insufficient validation of user input. An unauthenticated, remote attacker could lure a user into clicking a crafted link to execute arbitrary script code in...
CVE-2022-20638
CVE-2022-20638 affects the web-based management interface of Cisco Security Manager. The issue is cross-site scripting due to insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to induce a user to click a crafted link and potentially execute arbitrary scr...
CVE-2022-20644
CVE-2022-20644 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface. Root cause: insufficient validation of user-supplied input. Exploitation requires convincing a user to click a crafted link, enabling an unauthenticated, remote attac...
CVE-2022-20639
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated remote attacker could lure a user to click a crafted link to execute arbitrary script code in the interface’s context or access browser-ba...
CVE-2019-12630
Cisco Security Manager (CSM) is affected by CVE-2019-12630 due to insecure Java deserialization, enabling unauthenticated remote command execution via a malicious serialized object sent to a listener. The vulnerability permits execution of arbitrary commands on the device with casuser privileges....
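CVE-2020-27131 and CVE-2019-12630 above are both the same pattern: a network listener deserializes attacker-controlled bytes into whatever classes the stream names, and a gadget in the class path turns reconstruction into code execution. The added example below is not Cisco code and uses Python's pickle as a stand-in for Java serialization so that it runs offline; the allowlisting `RestrictedUnpickler` plays the role a JEP 290 `ObjectInputFilter` plays in Java. The payload, the `Setting` type and the `_side_effect` function are all constructed for the demonstration.

```python
import io
import pickle

# Observable side channel: records whether deserialization executed code.
EXECUTED = []


def _side_effect(arg):
    """Stand-in for a command runner such as os.system; only records the call."""
    EXECUTED.append(arg)
    return 0


class Gadget:
    """Constructed gadget: deserializing it calls an arbitrary function."""

    def __reduce__(self):
        return (_side_effect, ("cmd.exe /c whoami",))


class Setting:
    """The only type the listener legitimately expects to receive."""

    def __init__(self, key, value):
        self.key, self.value = key, value


# Allowlist of (module, qualified name) pairs the listener may reconstruct.
ALLOWED = {(__name__, "Setting")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any class or callable that is not allowlisted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden class {module}.{name}")


def vulnerable_loads(blob: bytes):
    """What an unfiltered listener effectively does: trust the stream fully."""
    return pickle.loads(blob)


def hardened_loads(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Run both loaders against a benign and a malicious stream."""
    benign = pickle.dumps(Setting("syslog_host", "10.0.0.5"))
    malicious = pickle.dumps(Gadget())
    EXECUTED.clear()
    out = {}
    out["benign_ok"] = isinstance(hardened_loads(benign), Setting)
    try:
        hardened_loads(malicious)
        out["malicious_blocked"] = False
    except pickle.UnpicklingError:
        out["malicious_blocked"] = True
    out["executed_before_vulnerable_call"] = len(EXECUTED)
    vulnerable_loads(malicious)  # _side_effect runs during deserialization
    out["executed_after_vulnerable_call"] = len(EXECUTED)
    return out


if __name__ == "__main__":
    print(demo())
```

The point the listing entries make is that authentication is irrelevant here: the stream is trusted before any credential is checked, so the fix has to be in the deserializer (allowlist, or no native deserialization of untrusted input at all), not in front of it.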
CVE-2022-20646
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could persuade a user to click a crafted link and potentially execute arbitrary script code within the interface or acces...
CVE-2022-20636
Multiple cross-site scripting vulnerabilities affect the web-based management interface of Cisco Security Manager (CSM). The issues arise from insufficient input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code ...
CVE-2009-1161
CVE-2009-1161 describes a directory traversal vulnerability in CiscoWorks Common Services (CWCS) 3.0.x–3.2.x on Windows when the TFTP service is enabled. An unauthenticated remote attacker could access arbitrary files via CWCS TFTP, affecting multiple Cisco products that rely on CWCS (e.g., Unifi...
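Both CVE-2020-27130 (HTTP) and CVE-2009-1161 (TFTP) above are the same defect: a client-supplied path is joined to a serving directory without checking that the result stays inside it. The added example below (written for this page, not Cisco code; the `/srv/webroot` directory and the sample requests are constructed) shows the canonicalize-then-compare check, including the encoded, double-encoded, backslash and NUL-byte variants a tester would try.

```python
import posixpath
from urllib.parse import unquote

SERVE_ROOT = "/srv/webroot"  # hypothetical serving directory, an assumption


class TraversalAttempt(ValueError):
    pass


def resolve_under_root(requested: str, root: str = SERVE_ROOT) -> str:
    """Map a client-supplied path onto a file under root, or raise.

    Decodes percent-encoding once, rejects leftover encoding and NUL bytes,
    treats backslashes as separators (Windows hosts accept them), normalizes
    '.' and '..', and finally verifies the canonical path is still inside root.
    """
    decoded = unquote(requested)
    if "%" in decoded:
        # Double encoding (%252e%252e) is a classic filter bypass.
        raise TraversalAttempt(f"nested encoding in {requested!r}")
    if "\x00" in decoded:
        raise TraversalAttempt("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    root = root.rstrip("/")
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalAttempt(f"{requested!r} escapes {root}")
    return candidate


# Constructed sample requests: two legitimate, five traversal attempts.
SAMPLE_REQUESTS = [
    "/index.html",
    "css/../images/logo.png",
    "../../../../etc/passwd",
    "..%2f..%2f..%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
    "..\\..\\..\\Windows\\win.ini",
    "logo.png%00.txt",
]


def classify(requests) -> dict:
    """Return {request: resolved path or None if blocked}."""
    out = {}
    for req in requests:
        try:
            out[req] = resolve_under_root(req)
        except TraversalAttempt:
            out[req] = None
    return out


if __name__ == "__main__":
    for req, resolved in classify(SAMPLE_REQUESTS).items():
        print(f"{req!r:50} -> {resolved or 'BLOCKED'}")
```

The decisive check is the prefix comparison on the normalized absolute path; rejecting the literal string `..` is not sufficient on its own because of the encoding and separator variants shown in the sample list.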
CVE-2022-20640
CVE-2022-20640 affects Cisco Security Manager’s web-based management interface. The issue is cross-site scripting due to insufficient validation of user input, allowing unauthenticated attackers to entice users to click a crafted link and potentially execute arbitrary script code or access browse...
CVE-2008-3820
Cisco Security Manager 3.1 and 3.2 (prior to 3.2.2) are affected. When Cisco IPS Event Viewer (IEV) is launched, the server and client open remotely accessible TCP ports for the MySQL/IEV services, allowing unauthenticated remote access to the IEV database and server and potentially root-level ope...
CVE-2015-0727
CVE-2015-0727 is an XSS vulnerability in the HTTP module of Cisco Security Manager (CSM) 4.7(0)SP1(1). The root cause is insufficient validation of user-supplied input in the vulnerable web interface, enabling remote attackers to inject arbitrary script or HTML via a crafted URL (Bug CSCut27789)....
CVE-2018-0223
Cisco Security Manager is affected by CVE-2018-0223 due to a reflected cross-site scripting (XSS) flaw in the DesktopServlet of the web-based management interface. The issue arises from insufficient validation of input, enabling an unauthenticated, remote attacker to entice a user to click a craf...
CVE-2014-2138
CVE-2014-2138 affects Cisco Security Manager (web framework) prior to 4.2. The issue is a CRLF injection via a crafted URL that allows remote attackers to inject arbitrary HTTP headers and perform web-page redirection to a malicious site. Root cause is insufficient validation of user input before...
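The CRLF injection in CVE-2014-2138 works because a URL-derived value is copied into a response header; a carriage return and line feed in that value end the header and let the attacker write further headers (or a body) of their own. The added example below is not Cisco code and assumes a hypothetical redirect handler and allowlist of hosts; the payload is constructed. It renders the naive response so the injected `Set-Cookie` line is visible, then shows the check that refuses it.

```python
from urllib.parse import urlsplit


class HeaderInjection(ValueError):
    pass


# Hypothetical allowlist of hosts the application may redirect to (assumption).
ALLOWED_HOSTS = frozenset({"csm.example.internal"})


def vulnerable_redirect_headers(target: str):
    """Copies the client-controlled value straight into Location."""
    return [("Location", target), ("Content-Length", "0")]


def safe_redirect_headers(target: str, allowed_hosts=ALLOWED_HOSTS):
    """Return 302 headers for target, refusing header injection and open redirects."""
    # Check control characters *before* urlsplit: recent Python versions strip
    # tabs and newlines inside urlsplit, which would hide the attack.
    if any(ch in target for ch in "\r\n\x00"):
        raise HeaderInjection("control character in redirect target")
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative (//host) target: must be https to an allowed host.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            raise HeaderInjection(f"redirect to {parts.netloc!r} not allowed")
    return [("Location", target), ("Content-Length", "0")]


def render_response(status: int, headers) -> str:
    """Serialize headers the way a naive server does; shows why raw CRLF matters."""
    lines = [f"HTTP/1.1 {status}"] + [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def is_blocked(target: str) -> bool:
    try:
        safe_redirect_headers(target)
    except HeaderInjection:
        return True
    return False


# Constructed payload: terminates the Location header and injects a cookie and body.
PAYLOAD = "/login\r\nSet-Cookie: JSESSIONID=attacker\r\n\r\n<html>phish</html>"

if __name__ == "__main__":
    print(render_response(302, vulnerable_redirect_headers(PAYLOAD)))
    print("blocked:", is_blocked(PAYLOAD), is_blocked("https://evil.example/"))
```

Most modern frameworks reject CR/LF in header values at the HTTP layer, but the redirect-target check still matters: the same entry point is an open redirect if only the control characters are filtered.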
CVE-2014-3267
CVE-2014-3267 is a CSRF vulnerability in Cisco Security Manager’s web framework (4.6 and earlier) that lets an unauthenticated, remote attacker perform actions in the context of an authenticated user by crafting requests that make unspecified changes. The issue arises from insufficient CSRF prote...
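CSRF, as in CVE-2014-3267 above, succeeds because the browser attaches the victim's session cookie to a request the attacker's page triggers; the server cannot tell the forged request from a legitimate one unless it requires a value the attacker's page cannot read. The added example below (not Cisco code; the session ids and request shape are constructed) issues an HMAC-based token bound to the session and shows a forged request, a missing token and a token minted for another session all being refused.

```python
import hashlib
import hmac
import secrets

# Per-deployment key; generated here for the demo, loaded from protected config in practice.
SERVER_SECRET = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce); embedded in forms or a header."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    # Constant-time comparison so the check does not leak the expected MAC.
    return hmac.compare_digest(_mac(session_id, nonce), mac)


def handle_state_change(request: dict) -> str:
    """Server side of a configuration change.

    request is a constructed stand-in: 'session_id' is what the cookie maps
    to (the browser sends it even for a forged request), 'csrf_token' is the
    value only a same-origin page could have obtained.
    """
    if request.get("method") != "POST":
        return "405 method not allowed"
    sid = request.get("session_id")
    if not sid:
        return "401 no session"
    if not verify_csrf_token(sid, request.get("csrf_token", "")):
        return "403 csrf check failed"
    return "200 applied"


if __name__ == "__main__":
    token = issue_csrf_token("sess-A")
    legit = {"method": "POST", "session_id": "sess-A", "csrf_token": token}
    forged = {"method": "POST", "session_id": "sess-A"}  # cookie present, no token
    print(handle_state_change(legit), "|", handle_state_change(forged))
```

Binding the token to the session id is what stops an attacker from minting a token in their own session and replaying it against the victim's, the third case in the checks below.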
CVE-2015-0594
Cisco Common Services (used by Cisco Prime LAN Management Solution and Cisco Security Manager) contains cross-site scripting (XSS) vulnerabilities in the help pages. The root cause is insufficient input validation of some parameters used by the help page system, allowing remote attackers to trigg...
CVE-2010-3036
CiscoWorks Common Services web server module contains multiple buffer overflows in the Cisco-developed authentication code, enabling remote, unauthenticated code execution with system administrator privileges via sessions on TCP ports 443 or 1741. Affected: CiscoWorks Common Services prior to ver...
CVE-2013-5488
Cisco Common Services (used in Cisco Prime LMS, Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager) fails to properly interact with ActiveMQ, allowing an unauthenticated remote attacker to cause memory-based DoS by opening multiple concurrent TCP sessions....
CVE-2014-3265
CVE-2014-3265 describes a cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework used by Cisco Security Manager (CSM) 4.2 and earlier. The root cause is insufficient input validation of a parameter within the AUS web framework, enabling remote attackers to inject a...
CVE-2014-3326
CVE-2014-3326 affects Cisco Security Manager 4.5 and 4.6. The issue is an SQL injection in the web framework caused by insufficient controls on SQL statements, allowing an authenticated remote attacker to execute arbitrary SQL commands via unspecified vectors. The vulnerability can lead to exposu...
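The SQL injection in CVE-2014-3326 is described only as "insufficient controls on SQL statements"; the added example below (not Cisco code; the schema, rows and payloads are constructed, and sqlite3 stands in for whatever database CSM uses) shows the generic mechanism and fix. A query built by string formatting lets an authenticated user's filter value rewrite the statement, both to widen the result set and to pull a different column; the parameterized form treats the same input as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for an inventory of managed devices."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, owner TEXT, enable_secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices (name, owner, enable_secret) VALUES (?, ?, ?)",
        [
            ("fw-edge-01", "netops", "s3cret-A"),
            ("fw-dmz-02", "netops", "s3cret-B"),
            ("rtr-core-01", "backbone", "s3cret-C"),
        ],
    )
    return conn


def lookup_vulnerable(conn, owner: str) -> list:
    """Filter value is interpolated into the statement text."""
    sql = f"SELECT name FROM devices WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, owner: str) -> list:
    """Same query with a bound parameter: the value can never change the grammar."""
    return [row[0] for row in conn.execute("SELECT name FROM devices WHERE owner = ?", (owner,))]


# Constructed payloads an authenticated user might submit as the 'owner' filter.
TAUTOLOGY = "nobody' OR '1'='1"
UNION_EXFIL = "nobody' UNION SELECT enable_secret FROM devices WHERE '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", lookup_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union:    ", lookup_vulnerable(conn, UNION_EXFIL))
    print("parameterized:        ", lookup_parameterized(conn, TAUTOLOGY))
```

The union payload is why the listing notes exposure of sensitive data as the impact: once the statement can be rewritten, the attacker is not limited to the column the page was meant to show.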
CVE-2014-3266
Cisco Security Manager 4.6 and earlier versions are affected by a cross-site scripting (XSS) vulnerability in the web framework due to insufficient input validation of a parameter, allowing remote attackers to inject arbitrary web script or HTML. Exploitation details are not publicly documented i...