CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2012-5424 20 Bypass 2012-11-07 2017-08-29
5.0
None Remote Low Not required Partial None None
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
652 CVE-2012-5415 362 DoS 2013-04-16 2013-04-16
5.4
None Remote High Not required None None Complete
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
653 CVE-2012-5044 119 DoS Overflow Mem. Corr. 2014-04-23 2014-04-23
5.4
None Remote High Not required None None Complete
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
654 CVE-2012-4658 287 DoS 2014-04-23 2014-04-23
5.0
None Remote Low Not required None None Partial
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.
655 CVE-2012-4117 20 2013-10-19 2013-10-21
5.8
None Remote Medium Not required Partial Partial None
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033.
656 CVE-2012-4115 310 +Info 2013-10-21 2013-10-21
5.8
None Remote Medium Not required Partial Partial None
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.
657 CVE-2012-4114 310 2013-10-19 2013-10-21
5.8
None Remote Medium Not required Partial Partial None
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949.
658 CVE-2012-4098 20 DoS 2013-10-05 2017-08-29
5.0
None Remote Low Not required None None Partial
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
659 CVE-2012-4095 20 +Priv 2013-10-02 2016-09-22
5.5
None Local High ??? Complete Complete None
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.
660 CVE-2012-4094 119 DoS Overflow 2013-09-24 2017-08-29
5.4
None Remote High Not required None None Complete
Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198.
661 CVE-2012-4092 20 2013-09-26 2016-09-22
5.8
None Remote Medium Not required Partial Partial None
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683.
662 CVE-2012-4091 20 DoS 2013-10-05 2017-08-29
5.0
None Remote Low Not required None None Partial
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
663 CVE-2012-4087 20 Exec Code 2013-09-24 2017-08-29
5.1
None Remote High Not required Partial Partial Partial
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793.
664 CVE-2012-4086 77 Exec Code 2013-09-25 2017-08-29
5.1
None Remote High Not required Partial Partial Partial
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790.
665 CVE-2012-4085 20 2013-09-24 2017-08-29
5.0
None Remote Low Not required Partial None None
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761.
666 CVE-2012-4079 20 DoS 2013-09-26 2016-09-22
5.0
None Remote Low Not required None None Partial
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.
667 CVE-2012-4074 255 +Info 2013-09-20 2016-09-23
5.8
None Remote Medium Not required Partial Partial None
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
668 CVE-2012-4073 310 2013-09-20 2016-09-09
5.8
None Remote Medium Not required Partial Partial None
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.
669 CVE-2012-3946 264 Bypass 2014-04-24 2014-04-24
5.0
None Remote Low Not required Partial None None
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.
670 CVE-2012-3919 399 DoS 2012-09-16 2017-08-29
5.0
None Remote Low Not required None None Partial
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879.
671 CVE-2012-3915 119 DoS Overflow 2012-09-16 2017-08-29
5.0
None Remote Low Not required None None Partial
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.
672 CVE-2012-3913 DoS 2013-08-01 2013-08-01
5.0
None Remote Low Not required None None Partial
The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.
673 CVE-2012-3062 20 DoS 2014-04-23 2014-04-23
5.7
None Local Network Medium Not required None None Complete
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.
674 CVE-2012-2499 310 2012-08-06 2012-08-07
5.8
None Remote Medium Not required Partial Partial None
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
675 CVE-2012-2490 20 2012-08-06 2012-08-07
5.0
None Remote Low Not required None Partial None
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471.
676 CVE-2012-1367 20 DoS 2012-08-06 2012-08-06
5.0
None Remote Low Not required None None Partial
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.
677 CVE-2012-1348 200 +Info 2012-08-06 2012-08-07
5.0
None Remote Low Not required Partial None None
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279.
678 CVE-2012-1346 399 DoS 2012-08-06 2012-08-07
5.0
None Remote Low Not required None None Partial
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369.
679 CVE-2012-1342 863 Bypass 2012-08-06 2020-03-24
5.0
None Remote Low Not required None Partial None
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.
680 CVE-2012-1339 119 DoS Overflow 2012-08-06 2018-10-30
5.0
None Remote Low Not required None None Partial
The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543.
681 CVE-2012-1326 20 2020-01-15 2020-01-23
5.8
None Remote Medium Not required Partial Partial None
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
682 CVE-2012-1317 119 DoS Overflow 2014-04-23 2014-04-23
5.4
None Remote High Not required None None Complete
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
683 CVE-2012-0376 DoS 2012-05-03 2012-05-10
5.0
None Remote Low Not required None None Partial
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
684 CVE-2012-0361 264 DoS 2012-05-02 2012-10-30
5.0
None Remote Low Not required None None Partial
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315.
685 CVE-2012-0360 399 DoS 2014-04-23 2014-04-23
5.0
None Remote Low Not required None None Partial
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
686 CVE-2012-0339 20 2012-05-02 2012-10-30
5.0
None Remote Low Not required None Partial None
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.
687 CVE-2012-0338 20 2012-05-02 2012-10-30
5.0
None Remote Low Not required None Partial None
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.
688 CVE-2011-4650 399 2017-08-07 2017-08-25
5.0
None Remote Low Not required None None Partial
Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295.
689 CVE-2011-4232 200 +Info 2012-05-03 2012-05-30
5.0
None Remote Low Not required Partial None None
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.
690 CVE-2011-4022 287 DoS 2012-05-03 2012-05-11
5.0
None Remote Low Not required None None Partial
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
691 CVE-2011-4019 399 DoS 2012-05-03 2012-05-30
5.4
None Remote High Not required None None Complete
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
692 CVE-2011-4016 20 DoS 2012-05-02 2016-12-07
5.4
None Remote High Not required None None Complete
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
693 CVE-2011-4015 20 DoS 2012-05-02 2012-10-30
5.0
None Remote Low Not required None None Partial
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
694 CVE-2011-4007 20 DoS 2012-05-02 2012-10-30
5.4
None Remote High Not required None None Complete
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
695 CVE-2011-3283 20 DoS 2012-05-02 2017-12-07
5.0
None Remote Low Not required None None Partial
Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887.
696 CVE-2011-2586 20 DoS 2012-05-02 2012-10-30
5.4
None Remote High Not required None None Complete
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
697 CVE-2011-2583 20 DoS 2012-05-02 2017-12-14
5.0
None Remote Low Not required None None Partial
Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.
698 CVE-2011-2395 16 Bypass 2011-06-09 2017-08-29
5.0
None Remote Low Not required None Partial None
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message.
699 CVE-2011-2059 200 +Info 2011-10-22 2020-05-11
5.0
None Remote Low Not required Partial None None
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.
700 CVE-2011-2057 20 DoS 2011-10-22 2020-08-05
5.0
None Remote Low Not required None None Partial
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.
Total number of vulnerabilities : 885   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.