Cisco Vulnerabilities

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack. The vulnerability is due to insufficient...

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) cond...

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (CIMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to ins...

Cisco Integrated Management Controller User Session Hijacking Vulnerability

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to hijack a valid user session on an affect...

Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem...

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is...

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in ...

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code...

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code ...

Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability

A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device.

The a...

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting...

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Dispo...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The...

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on th...

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.   The vulnerability is due to improper input vali...