A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860.
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861.
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858.
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875.
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0).
A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1).
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7.
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.
Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.
DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted packet to the affected device. A successful exploit could allow the attacker to bypass the Layer 3 and Layer 4 traffic filters and inject a crafted packet into the network.
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.
A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932.
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.