Saturday, December 16, 2017

Cisco IP Phone 8800 Series Denial of Service Vulnerability

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts.

All...

Cisco WebEx Meeting Center URL Redirection Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Ce...

Cisco Jabber Clients Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management inter...

Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command.

An attacker could...

Cisco Jabber Information Disclosure Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client.

An attacker could exploit this vulnerability to gain information to conduct additional attacks....

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system.

An attacker could exploit this vulnerability by providing a user with a malicious .arf...

Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validatio...

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some pa...

Cisco Email Security Appliance Header Bypass Vulnerability

A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the ...

Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulne...

Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container.

An attacker would need valid administrator credentials t...

Multiple Vulnerabilities in Cisco UCS Central Software

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session I...