ReportizFlow
Filtered by vendor Cisco
Subscriptions
Total
6712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12323 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | N/A |
| Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | ||||
| CVE-2017-12328 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2025-04-20 | N/A |
| A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590. | ||||
| CVE-2017-12330 | 1 Cisco | 1 Nx-os | 2025-04-20 | N/A |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879. | ||||
| CVE-2017-12331 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655. | ||||
| CVE-2017-12333 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495. | ||||
| CVE-2017-12332 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | ||||
| CVE-2017-12305 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2025-04-20 | N/A |
| A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. | ||||
| CVE-2017-12304 | 1 Cisco | 1 Ios | 2025-04-20 | N/A |
| A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. | ||||
| CVE-2017-12303 | 1 Cisco | 1 Asyncos | 2025-04-20 | N/A |
| A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. | ||||
| CVE-2017-12287 | 1 Cisco | 3 Expressway, Telepresence Conductor, Telepresence Video Communication Server | 2025-04-20 | N/A |
| A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571. | ||||
| CVE-2017-12302 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | N/A |
| A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682. | ||||
| CVE-2017-12286 | 1 Cisco | 2 Jabber, Webex Meeting Center | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418. | ||||
| CVE-2017-12282 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-20 | N/A |
| A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779. | ||||
| CVE-2017-12280 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-20 | N/A |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842. | ||||
| CVE-2017-12278 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-20 | N/A |
| A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674. | ||||
| CVE-2017-12277 | 1 Cisco | 6 Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall, Firepower 4140 Next-generation Firewall and 3 more | 2025-04-20 | N/A |
| A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. | ||||
| CVE-2017-12275 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-20 | N/A |
| A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803. | ||||
| CVE-2017-12272 | 1 Cisco | 1 Ios Xe | 2025-04-20 | N/A |
| A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516. | ||||
| CVE-2017-12271 | 1 Cisco | 4 Spa300 Firmware, Spa300 Series Ip Phone, Spa500 Firmware and 1 more | 2025-04-20 | 8.8 High |
| A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. | ||||
| CVE-2017-12270 | 1 Cisco | 1 Ios Xr | 2025-04-20 | N/A |
| A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. | ||||