CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2015-4318 399 DoS 2015-08-20 2017-09-21
5.0
None Remote Low Not required None None Partial
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
452 CVE-2015-4317 399 DoS 2015-08-20 2017-09-21
5.0
None Remote Low Not required None None Partial
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
453 CVE-2015-4316 20 2015-08-20 2017-09-21
5.5
None Remote Low ??? Partial None Partial
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.
454 CVE-2015-4315 20 DoS 2015-08-20 2017-09-21
5.5
None Remote Low ??? Partial None Partial
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
455 CVE-2015-4299 284 2015-08-19 2016-12-28
5.5
None Remote Low ??? None Partial Partial
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.
456 CVE-2015-4297 2015-08-19 2016-11-28
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.
457 CVE-2015-4293 399 DoS 2015-07-30 2015-08-21
5.0
None Remote Low Not required None None Partial
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.
458 CVE-2015-4287 264 Bypass +Info 2015-07-29 2015-07-29
5.0
None Remote Low Not required Partial None None
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
459 CVE-2015-4286 20 2015-07-29 2015-09-03
5.0
None Remote Low Not required Partial None None
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
460 CVE-2015-4285 399 DoS 2015-07-23 2015-09-03
5.0
None Remote Low Not required None None Partial
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.
461 CVE-2015-4280 399 DoS 2015-07-18 2017-09-22
5.0
None Remote Low Not required None None Partial
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.
462 CVE-2015-4275 399 DoS 2015-07-16 2017-09-22
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534.
463 CVE-2015-4273 20 DoS 2015-07-15 2016-12-28
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476.
464 CVE-2015-4240 399 DoS 2015-07-08 2016-12-29
5.0
None Remote Low Not required None None Partial
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.
465 CVE-2015-4229 200 +Info 2015-06-30 2017-01-04
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
466 CVE-2015-4228 399 DoS 2015-07-02 2015-07-02
5.4
None Remote High Not required None None Complete
Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.
467 CVE-2015-4223 399 DoS 2015-06-25 2016-12-28
5.0
None Remote Low Not required None Partial None
Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.
468 CVE-2015-4218 200 +Info 2015-06-24 2016-12-28
5.0
None Remote Low Not required Partial None None
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
469 CVE-2015-4216 200 Bypass +Info 2015-06-26 2016-12-28
5.0
None Remote Low Not required Partial None None
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
470 CVE-2015-4212 200 +Info 2015-06-24 2016-12-28
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
471 CVE-2015-4207 200 Bypass +Info 2015-06-23 2016-12-28
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
472 CVE-2015-4201 20 DoS 2015-06-20 2016-12-28
5.0
None Remote Low Not required None None Partial
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.
473 CVE-2015-4196 255 2015-07-04 2016-12-28
5.0
None Remote Low Not required Partial None None
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
474 CVE-2015-4194 200 +Info 2015-06-19 2016-12-28
5.0
None Remote Low Not required Partial None None
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
475 CVE-2015-4191 399 DoS 2015-06-19 2016-12-28
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
476 CVE-2015-4188 89 Exec Code Sql 2015-06-17 2016-12-07
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
477 CVE-2015-4184 20 Bypass 2015-06-13 2017-01-04
5.0
None Remote Low Not required None Partial None
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
478 CVE-2015-4182 264 Bypass +Info 2015-06-12 2017-01-04
5.5
None Remote Low ??? Partial Partial None
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
479 CVE-2015-0775 399 DoS 2015-06-12 2017-01-04
5.0
None Remote Low Not required None None Partial
The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182.
480 CVE-2015-0773 264 2015-06-12 2017-01-04
5.5
None Remote Low ??? None Partial Partial
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
481 CVE-2015-0770 20 Http R.Spl. 2015-06-07 2017-01-04
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.
482 CVE-2015-0765 399 DoS 2015-06-04 2017-01-04
5.0
None Remote Low Not required None None Partial
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.
483 CVE-2015-0764 200 +Info 2015-06-04 2017-01-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
484 CVE-2015-0763 200 +Info 2015-06-04 2017-01-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
485 CVE-2015-0757 200 +Info 2015-05-29 2017-03-24
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
486 CVE-2015-0746 254 DoS 2015-05-22 2016-04-06
5.0
None Remote Low Not required None None Partial
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
487 CVE-2015-0745 200 +Info 2015-05-30 2017-01-04
5.0
None Remote Low Not required Partial None None
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
488 CVE-2015-0743 399 DoS 2015-05-30 2017-01-04
5.0
None Remote Low Not required None None Partial
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.
489 CVE-2015-0742 399 DoS 2015-05-21 2017-01-06
5.0
None Remote Low Not required None None Partial
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398.
490 CVE-2015-0730 20 DoS 2015-05-16 2017-01-06
5.0
None Remote Low Not required None None Partial
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
491 CVE-2015-0706 2015-04-23 2015-04-23
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
492 CVE-2015-0699 89 Exec Code Sql 2015-04-15 2017-01-06
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
493 CVE-2015-0697 601 2015-04-15 2017-01-06
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
494 CVE-2015-0689 119 Overflow Bypass 2017-09-19 2017-09-22
5.0
None Remote Low Not required None Partial None
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
495 CVE-2015-0671 399 DoS 2015-03-20 2015-03-20
5.0
None Remote Low Not required None None Partial
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.
496 CVE-2015-0659 2015-03-06 2015-11-02
5.0
None Remote Low Not required None Partial None
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
497 CVE-2015-0657 20 DoS 2015-03-06 2015-11-02
5.0
None Remote Low Not required None None Partial
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
498 CVE-2015-0632 362 DoS 2015-02-27 2015-11-02
5.7
None Local Network Medium Not required None None Complete
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
499 CVE-2015-0628 200 Bypass +Info 2015-02-20 2015-02-20
5.0
None Remote Low Not required Partial None None
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.
500 CVE-2015-0619 399 DoS 2015-02-12 2017-09-08
5.0
None Remote Low Not required None None Partial
Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458.
Total number of vulnerabilities : 885   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.