Cisco AnyConnect Profile Editor XML External Entity Injection Vulnerability

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper ha...

Cisco NX-OS Software Pong Packet Denial of Service Vulnerability

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected sof...

Cisco NX-OS System Software Management Interface Denial of Service Vulnerability

A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface.

This could allow traffic to be for...

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerabili...

Cisco Prime Infrastructure Privilege Escalation Vulnerability

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual...

Cisco UCS Central Software IPv6 Denial of Service Vulnerability

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is ...

Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interfac...

Cisco D9800 Network Transport Receiver OS Command Injection Vulnerability

A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command a...

Cisco Elastic Services Controller Information Disclosure Vulnerability

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions....

Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command...

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device.

This could result in arbitra...

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application.

An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance att...

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables.

An attacker could exploit ...