Cisco Vulnerabilities

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack. The vulnerability is due to insufficient...

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in ...

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express...

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected...

Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code...

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code ...

Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability

A vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device.

The a...

Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting...

On March 6, 2017, Apache disclosed a vulnerability in the Jakarta Multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on a targeted system by using a crafted Content-Type, Content-Dispo...

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulner...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive informa...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The...

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on th...

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input vali...

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficie...