Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application.

An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance att...

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, ...

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of...

Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap...

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...

Cisco IOS XE Software REST API Authorization Bypass Vulnerability

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insuf...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected sof...

Cisco IOS and IOS XE Software Smart Install Remote Code Execution...

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or t...

Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available.

This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbac...

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device....

Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container.

An attacker would need valid administrator credentials t...

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability...

Cisco WAP150 Wireless Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote a...