The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. Published: J7:29:00 AM -0400Ī vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. A successful exploit could allow the attacker to hijack an authenticated user's browser session. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the application through the web-based management interface. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. Published: J7:29:00 AM -0400Ī vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. The vulnerability is due to improper security restrictions that are imposed by the affected system.
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user.