Prophaze WAF Blog

Cisco Security issues released - Cloud WAF

Written by Rajaneesh | Oct 17, 2019 10:02:11 AM
Overview :

Cisco Aironet Access Points Unauthorized Access Vulnerability

CWE-284 CVE-2019-15260

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges.

Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

CWE-20 / CVE-2019-15262

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

CWE-119 / CVE-2019-15240, CVE-2019-15241, CVE-2019-15242, CVE-2019-15243, CVE-2019-15244, CVE-2019-15245, CVE-2019-15246, CVE-2019-15247, CVE-2019-15248, CVE-2019-15249, CVE-2019-15250, CVE-2019-15251, CVE-2019-15252

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

CWE-352 / CVE-2019-12636

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CWE-20CVE-2019-15261

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

Cisco Aironet Access Points and Catalyst 9100 Access Points CAPWAP Denial of Service Vulnerability

CWE-400CVE-2019-15264

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

Cisco Wireless LAN Controller Path Traversal Vulnerability

CWE-22CVE-2019-15266

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted.

Cisco Expressway Series and TelePresence Video Communication Server Cross-Site Scripting Vulnerability

CWE-79 / CVE-2019-12705

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

CWE-264CVE-2019-15277

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges.

Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

CWE-264CVE-2019-15275

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

CWE-275CVE-2019-15962

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device.

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Overwrite Vulnerabilities

CWE-20CVE-2019-15273

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to overwrite arbitrary files.

Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability

CWE-78CVE-2019-15274

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections.

Cisco SPA100 Series Analog Telephone Adapters Web Management Interface Denial of Service Vulnerability

CWE-399CVE-2019-15258

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on an affected device.

Cisco SPA100 Series Analog Telephone Adapters Web-Based Management Interface File Disclosure Vulnerability

CWE-200CVE-2019-12704

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device.

Cisco SPA100 Series Analog Telephone Adapters Running Configuration Information Disclosure Vulnerability

CWE-200CVE-2019-15257

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability

CWE-79CVE-2019-12702

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks.

Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability

CWE-79CVE-2019-12703

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks.

Cisco SPA100 Series Analog Telephone Adapters Administrative Credentials Information Disclosure Vulnerability

CWE-200CVE-2019-12708

vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device.

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

CWE-79CVE-2019-12718

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

CWE-79CVE-2019-15281

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities

CWE-79CVE-2019-12637

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

CWE-79CVE-2019-12638

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.

Cisco Identity Services Engine Information Disclosure Vulnerability

CWE-306CVE-2019-15282

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device.

Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability

CWE-79 CVE-2019-15280

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface.

Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities

CWE-79 CVE-2019-15268, CVE-2019-15269

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

CWE-89 CVE-2019-15270

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

Cisco Aironet Access Points Bridge Protocol Data Unit Port Disable Denial of Service Vulnerability

CWE-20 CVE-2019-15265

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state.