Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges…
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.…
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.…
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.…
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remot…
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.…
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A r…
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthoriz…
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) op…
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to…
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improp…
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The …
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due t…
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulne…
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (…
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive file…
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on…
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account…
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information…
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privil…
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or …
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow rem…
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or …
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability …
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privi…
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full admini…
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerab…
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following produ…
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote att…
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un…
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug …
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, …
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information …
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2…
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles aut…
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in co…
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to…
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS…
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif…
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r…
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ…
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu…
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protecti…
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account'…
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or…
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) device…
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified p…
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML…
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Lin…
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, …
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read dat…
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 all…
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composi…
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows…
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.…
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML v…
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the lang…
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2…
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug…
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local networ…
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), …
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML vi…
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files …
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the sup…
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all…
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response,…
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of…
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of…
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a d…
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of…
Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP …
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume…
Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s…
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via …
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to th…
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID…
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access …
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administr…
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from…
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access…
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, an…
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted fi…
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the c…
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a …
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code…
Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute a…
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or…
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or…
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which al…
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which ma…
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before…
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbi…
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Br…
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in…
