Thursday, January 18, 2018

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible...

A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access ...

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express...

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vul...

Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) input packet handler in the Cisco ASR 5500 System Architecture Evolution (SAE) Gateway could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) ...

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Cisco Unified Communications Domain Manager (Cisco Unified CDM) is affected by the following vulnerabilities: Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability Cisco Unified Communications Doma...

Cisco UCS Central Software Server-Side Request Forgery Vulnerability

A vulnerability in the Cisco Unified Computing System (UCS) Central software could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) on a targeted system. The vuln...

Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

The attacker must authenticate with valid adm...

Cisco FireSIGHT Management Center Certificate Validation Vulnerability

A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the syst...

Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability

A vulnerability in the anti-spam scanner of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the anti-spam functionality of the ESA. The vulnerability is due to ...

Multiple Vulnerabilities in Cisco Firewall Services Module Software

Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by the following vulnerabilities: Cisco FWSM Command Authorization Vulnerability SQL*Net Insp...

Cisco IOS Software Metadata Vulnerabilities

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that ne...

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability

A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulne...

Cisco RV220W Management Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a ...