The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Max CVSS
4.0
EPSS Score
0.25%
Published
2013-12-21
Updated
2017-08-29
Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.
Max CVSS
4.3
EPSS Score
0.35%
Published
2013-12-14
Updated
2017-11-29
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.
Max CVSS
5.0
EPSS Score
0.29%
Published
2013-12-14
Updated
2017-11-29
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.
Max CVSS
5.0
EPSS Score
0.32%
Published
2013-12-14
Updated
2017-11-29
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
Max CVSS
5.0
EPSS Score
0.26%
Published
2013-12-14
Updated
2017-11-29
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
Max CVSS
5.0
EPSS Score
0.13%
Published
2013-12-14
Updated
2016-09-15
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.
Max CVSS
7.8
EPSS Score
0.28%
Published
2013-09-23
Updated
2017-08-29
DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.
Max CVSS
7.8
EPSS Score
5.10%
Published
2013-09-23
Updated
2013-09-23
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
Max CVSS
5.0
EPSS Score
0.17%
Published
2013-09-04
Updated
2016-11-04
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Max CVSS
4.0
EPSS Score
0.08%
Published
2013-08-05
Updated
2013-08-05
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
Max CVSS
4.0
EPSS Score
0.08%
Published
2013-07-15
Updated
2013-07-16
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
Max CVSS
5.0
EPSS Score
0.11%
Published
2013-06-26
Updated
2013-06-27
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Max CVSS
4.0
EPSS Score
0.08%
Published
2013-06-12
Updated
2018-10-30
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
Max CVSS
5.0
EPSS Score
0.11%
Published
2013-05-03
Updated
2013-05-03
Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.
Max CVSS
4.0
EPSS Score
0.09%
Published
2013-04-29
Updated
2013-05-01
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.
Max CVSS
5.0
EPSS Score
0.16%
Published
2013-04-18
Updated
2023-08-11
The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.
Max CVSS
9.3
EPSS Score
0.23%
Published
2013-04-25
Updated
2013-04-25
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
Max CVSS
4.3
EPSS Score
0.17%
Published
2013-03-06
Updated
2013-03-06
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
Max CVSS
4.0
EPSS Score
0.08%
Published
2013-02-06
Updated
2013-02-07
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970.
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-10-19
Updated
2013-10-21
20 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!