
Latest Vulnerabilities
CVE ID  Description  Vendor  Time
CVE-2020-3245
A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts.

Cisco Systems, Inc. 2020-06-18 17:10:54
CVE-2020-3263
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.

Cisco Systems, Inc. 2020-06-18 17:10:54
CVE-2020-3268
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco Systems, Inc. 2020-06-18 17:10:54
CVE-2020-3269
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco Systems, Inc. 2020-06-18 17:10:54
CVE-2020-3274
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3275
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3276
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3277
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3278
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3279
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3286
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3287
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:53
CVE-2020-3288
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3289
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3290
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3291
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3292
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3293
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:52
CVE-2020-3294
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3295
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3296
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3336
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3337
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3342
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3347
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Cisco Systems, Inc. 2020-06-18 17:10:51
CVE-2020-3354
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.

Cisco Systems, Inc. 2020-06-18 17:10:50
CVE-2020-3355
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.

Cisco Systems, Inc. 2020-06-18 17:10:50
CVE-2020-3356
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco Systems, Inc. 2020-06-18 17:10:50
CVE-2020-3360
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

Cisco Systems, Inc. 2020-06-18 17:10:50