CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
Cisco · IOS software
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Cisco · IOS software
A vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Cisco · IOS software
A vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
Cisco · IOS software
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
Cisco · IOS software
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
Required Action
Apply updates per vendor instructions.
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Cisco · Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability in the processing of URLs in HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Required Action
Apply updates per vendor instructions.
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
Cisco · Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability in the handling of user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.
Required Action
Apply updates per vendor instructions.
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco · HyperFlex HX
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Required Action
Apply updates per vendor instructions.
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Cisco · HyperFlex HX
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Required Action
Apply updates per vendor instructions.
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco · IOS and IOS XE
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Required Action
Apply updates per vendor instructions.
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Cisco · IOS XR
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Required Action
Apply updates per vendor instructions.
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco · IOS XR
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Required Action
Apply updates per vendor instructions.
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco · IOS XR
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Required Action
Apply updates per vendor instructions.
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Cisco · Cisco IP Phones
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Required Action
Apply updates per vendor instructions.
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
Cisco · Small Business RV320 and RV325 Routers
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.
Required Action
Apply updates per vendor instructions.
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
Cisco · Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.
Required Action
Apply updates per vendor instructions.