Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017

On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available.

This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbac...

Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability

A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence ...

Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulne...

Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container.

An attacker would need valid administrator credentials t...

Multiple Vulnerabilities in Cisco UCS Central Software

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session I...

Multiple Vulnerabilities in Cisco Data Center Network Manager Software

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content in...

Cisco WebEx Event Center Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product.

An attacker could execute a query on an Event Center site to ...

Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation...

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with ...

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on sy...

Cisco IOS XR Software Local Packet Transport Services Denial of Service...

A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to rest...

Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches...

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the ...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected sof...