SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug…
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) …
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Lin…
Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830.
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID …
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID…
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-…
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process…
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C…
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i manage…
The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request,…
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu1…
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain …
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, a…
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug…
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, …
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP…
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read dat…
Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application…
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bu…
Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID …
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 all…
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassemb…
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv105…
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from custom…
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile an…
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 a…
Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv628…
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID …
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authent…
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, whic…
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parame…
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS comma…
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, …
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitra…
The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the sna…
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request,…
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug …
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users t…
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vec…
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors,…
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP reque…
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecif…
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages i…
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script o…
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSC…
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID…
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Sec…
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows…
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header i…
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, …
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to con…
Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to …
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager o…
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs C…
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HT…
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web sc…
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka …
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, a…
The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle at…
Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14…
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCu…
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu9…
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS…
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug I…
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary u…
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by lever…
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local networ…
Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug…
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and conse…
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows…
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs…
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and…
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-r…
