Cisco Vulnerabilities

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.   The vulnerability is due to improper input vali...

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulner...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive informa...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The...

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficie...

Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) ...

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.

The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for Novemb...

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.

This vulnerability affects the browser e...

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of...

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory. When considering software upgrades, customers are advised to consult the advisories for Cisco products, which are available from the Cisco Security ...

Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service...

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a ...

Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability

A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections a...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affect...