Cisco Advisories

Cisco Advisories Vulnerability Disclosure Cisco Apr 22

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker ...

T1190 T1059

Cisco Advisories →

Cisco Advisories Advisory Cisco Apr 22

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges ...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to...

T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacke...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlyin...

T1190

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local att...

T1059 T1548

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with adm...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary fil...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To expl...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and...

2 IOCs

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site...

T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Apple Cisco Apr 2

Cisco IOS XE Software Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected ...

T1498 T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the un...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Co...

T1598

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request ...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypas...

T1556

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privilege...

T1548

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Mar 31

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to...

T1059

Cisco Advisories →