11.5 C
London
Sunday, October 22, 2017

Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability

A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root.

The attacker must first authenticate to the ap...

Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input ...

Cisco Smart Net Total Care Contracts Details Page SQL Injection Vulnerability

A vulnerability in the web-based management interface of the Cisconbsp;Smart Net Total Carenbsp;(SNTC) Contracts Details Page could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which...

Multiple Cisco Products OSPF LSA Manipulation Vulnerability

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.

This vulnerability could allow an unauthenticated, remote attacker to t...

Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security...

A vulnerability in certain filtering mechanisms of access control listsnbsp;(ACLs) for Cisconbsp;ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been conf...

Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative ma...

Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

The attacker must authenticate with valid adm...

Cisco Web Security Appliance Static Credentials Vulnerability

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authentica...

Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

A vulnerability in the web-based GUI of Cisconbsp;Wide Area Application Servicesnbsp;(WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability...

Cisco Prime Network Information Disclosure Vulnerability

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability i...

Cisco Wide Area Application Services Core Dump Denial of Service Vulnerability

A vulnerability in the Server Message Block (SMB) protocol of Cisconbsp;Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due t...

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI command-parsing code of the Cisconbsp;StarOS operating system for Cisconbsp;ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisconbsp;Virtualized Packet Corenbsp;(VPC) Software could allow a...