CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2013-5544 399 DoS 2013-10-22 2013-10-22
5.4
None Remote High Not required None None Complete
The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108.
602 CVE-2013-5536 20 DoS 2013-10-24 2013-10-24
5.0
None Remote Low Not required None None Partial
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521.
603 CVE-2013-5531 287 Bypass 2013-10-25 2013-10-25
5.0
None Remote Low Not required Partial None None
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
604 CVE-2013-5527 20 DoS 2013-10-10 2017-08-29
5.7
None Local Network Medium Not required None None Complete
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
605 CVE-2013-5521 264 DoS 2013-10-25 2013-10-25
5.0
None Remote Low Not required None None Partial
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
606 CVE-2013-5517 89 Exec Code Sql 2013-10-02 2013-10-17
5.5
None Remote Low ??? None Partial Partial
SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567.
607 CVE-2013-5502 264 +Info 2013-09-23 2016-09-20
5.0
None Remote Low Not required Partial None None
The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344.
608 CVE-2013-5499 DoS 2013-10-10 2013-10-10
5.7
None Local Network Medium Not required None None Complete
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
609 CVE-2013-5498 20 DoS 2013-09-27 2017-08-29
5.0
None Remote Low Not required None None Partial
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
610 CVE-2013-5492 310 +Info 2013-09-13 2013-10-16
5.0
None Remote Low Not required Partial None None
administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.
611 CVE-2013-5489 264 +Info 2013-09-13 2017-08-29
5.0
None Remote Low Not required Partial None None
The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.
612 CVE-2013-5488 20 DoS 2013-09-12 2017-08-29
5.0
None Remote Low Not required None None Partial
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
613 CVE-2013-5470 20 DoS 2013-09-04 2016-11-04
5.0
None Remote Low Not required None None Partial
Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488.
614 CVE-2013-3470 20 DoS 2013-08-30 2016-11-04
5.0
None Remote Low Not required None None Partial
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
615 CVE-2013-3469 200 +Info 2013-09-04 2016-11-04
5.0
None Remote Low Not required Partial None None
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
616 CVE-2013-3457 22 Dir. Trav. 2013-08-12 2017-08-29
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
617 CVE-2013-3455 255 +Info 2013-08-12 2017-08-29
5.0
None Remote Low Not required Partial None None
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.
618 CVE-2013-3446 20 2013-09-12 2013-09-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.
619 CVE-2013-3445 264 DoS 2013-07-29 2017-11-29
5.0
None Remote Low Not required None None Partial
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.
620 CVE-2013-3441 119 DoS Overflow Mem. Corr. 2013-07-23 2017-11-18
5.4
None Remote High Not required None None Complete
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.
621 CVE-2013-3438 264 Bypass 2013-07-24 2016-09-16
5.0
None Remote Low Not required Partial None None
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
622 CVE-2013-3436 264 Bypass 2013-07-19 2017-11-29
5.0
None Remote Low Not required Partial None None
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
623 CVE-2013-3417 287 2013-09-30 2013-10-10
5.0
None Remote Low Not required Partial None None
The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262.
624 CVE-2013-3407 264 +Info 2013-11-18 2013-11-19
5.0
None Remote Low Not required Partial None None
The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.
625 CVE-2013-3398 200 +Info 2013-06-26 2013-06-27
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
626 CVE-2013-3393 20 DoS 2013-06-26 2013-08-31
5.0
None Remote Low Not required None None Partial
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117.
627 CVE-2013-3381 399 DoS 2013-06-12 2013-06-12
5.0
None Remote Low Not required None None Partial
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
628 CVE-2013-1242 399 DoS 2013-05-10 2013-05-10
5.0
None Remote Low Not required None None Partial
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
629 CVE-2013-1235 DoS 2013-05-04 2013-05-06
5.0
None Remote Low Not required None None Partial
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
630 CVE-2013-1232 20 2013-05-04 2013-05-06
5.0
None Remote Low Not required Partial None None
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.
631 CVE-2013-1231 200 +Info 2013-05-03 2013-05-03
5.0
None Remote Low Not required Partial None None
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
632 CVE-2013-1230 119 DoS Overflow 2013-05-01 2013-05-01
5.0
None Remote Low Not required None None Partial
Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.
633 CVE-2013-1229 20 DoS 2013-05-01 2013-05-01
5.0
None Remote Low Not required None None Partial
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028.
634 CVE-2013-1204 399 DoS 2013-05-23 2013-05-23
5.0
None Remote Low Not required None None Partial
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
635 CVE-2013-1203 20 DoS 2013-06-18 2013-06-18
5.4
None Remote High Not required None None Complete
Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (device reload) via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances (ASA) device, aka Bug ID CSCue88386.
636 CVE-2013-1202 2020-02-07 2020-02-11
5.0
None Remote Low Not required None None Partial
Cisco ACE A2(3.6) allows log retention DoS.
637 CVE-2013-1195 264 Bypass 2013-04-24 2013-04-24
5.0
None Remote Low Not required Partial None None
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850.
638 CVE-2013-1193 DoS 2013-04-16 2013-04-16
5.0
None Remote Low Not required None None Partial
The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937.
639 CVE-2013-1190 264 DoS 2013-08-02 2013-10-07
5.0
None Remote Low Not required None None Partial
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850.
640 CVE-2013-1189 20 DoS 2013-04-11 2013-04-11
5.7
None Local Network Medium Not required None None Complete
Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313.
641 CVE-2013-1188 287 DoS 2013-05-16 2013-05-16
5.0
None Remote Low Not required None None Partial
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
642 CVE-2013-1187 20 DoS 2013-04-16 2013-04-16
5.0
None Remote Low Not required None None Partial
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.
643 CVE-2013-1174 119 DoS Overflow 2013-04-05 2013-04-05
5.0
None Remote Low Not required None None Partial
Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service hang) by sending many TCP packets to certain ports, aka Bug ID CSCue03703.
644 CVE-2013-1162 20 DoS 2013-03-26 2013-03-26
5.0
None Remote Low Not required None None Partial
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
645 CVE-2013-1156 22 Dir. Trav. 2013-05-01 2013-05-01
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
646 CVE-2013-1129 399 DoS 2013-02-19 2013-02-20
5.0
None Remote Low Not required None None Partial
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.
647 CVE-2013-1121 399 DoS 2013-09-19 2013-09-20
5.4
None Remote High Not required None None Complete
The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.
648 CVE-2013-1112 20 DoS 2013-01-31 2013-02-02
5.0
None Remote Low Not required None None Partial
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.
649 CVE-2013-0149 DoS +Info 2013-08-05 2013-08-13
5.8
None Remote Medium Not required Partial None Partial
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
650 CVE-2012-6399 20 2013-05-27 2013-05-28
5.8
None Remote Medium Not required Partial Partial None
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
Total number of vulnerabilities : 885   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.