Monday, October 23, 2017

Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of...

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of ser...

Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection.

An attacker could exploit thi...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwardin...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. ...

Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability

A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vu...

Cisco Wide Area Application Services HTTP Application Optimization Denial of Service...

A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service...

Cisco FindIT DLL Preloading Vulnerability

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnera...

Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products:...

On September 7, 2017, the Apache Software Foundation released a security bulletin that disclosed a vulnerability in the Freemarker tag functionality of the Apache Struts 2 package.

The vulnerability could allow an unauthenticated, remote attacker t...

Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017

On September 5, 2017, the Apache Software Foundation released security bulletins that disclosed three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one ...

Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability

A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient...

Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability

A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment contai...

Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial...

A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface qu...