Cisco NX-OS System Software Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. ...

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due...

Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process.

An att...

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation.

An attacker could exploit this vulnerabilit...

Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability

A vulnerability in Cisco Umbrella Insights Virtual Appliances could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user crede...

Cisco Network Academy Packet Tracer DLL Preload Vulnerability

An untrusted search path vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installe...

Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The v...

Cisco Email Security Appliance HTTP Response Splitting Vulnerability

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly san...

Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability

A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule.

The fil...

Cisco Immunet Antimalware Installer DLL Preloading Vulnerability

An untrusted search path vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the ...

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol...

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS...

Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities

Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of servic...