Cisco Vulnerabilities

Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) ...

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.

The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for Novemb...

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.

This vulnerability affects the browser e...

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of...

For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory. When considering software upgrades, customers are advised to consult the advisories for Cisco products, which are available from the Cisco Security ...

Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service...

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a ...

Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability

A vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections a...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affect...

Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability

A vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. The vulnerabi...

Cisco Intercloud Fabric Director Static Credentials Vulnerability

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. The vulnerability is due to static credentials for an internal...

Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a persistent cro...

Cisco Emergency Responder Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected d...

Cisco Emergency Responder Directory Traversal Vulnerability

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the fil...