PSIRT@Cisco

Cisco Security Advisories (the 40 most recent advisories)

CDS Internet Streamer: Web Server Directory Traversal Vulnerability
The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.
Transport Layer Security Renegotiation Vulnerability
An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.
Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
Updated workarounds.
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability
Cisco Application Extension Platform Privilege Escalation Vulnerability
Vulnerabilities in Cisco Unified Contact Center Express
Multiple Vulnerabilities in Cisco Network Building Mediator
Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products.
Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user's level of authorization.
Multiple Vulnerabilities in Cisco PGW Softswitch
IOS HTTP Server Command Injection Vulnerability
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
Cisco IOS Software H.323 Denial of Service Vulnerabilities
Added caution about debug commands.
Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability
Update made to iACL example.
Cisco IOS Software IPsec Vulnerability
Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability

Popular

Latest