The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-12-23
Updated
2017-01-03
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-12-23
Updated
2017-01-03
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
Max CVSS
5.0
EPSS Score
0.28%
Published
2014-12-22
Updated
2017-01-03
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-12-10
Updated
2015-01-24
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
Max CVSS
4.0
EPSS Score
0.10%
Published
2014-12-20
Updated
2017-01-03
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
Max CVSS
3.3
EPSS Score
0.20%
Published
2014-12-24
Updated
2014-12-24

CVE-2014-7992

Public exploit
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
Max CVSS
5.0
EPSS Score
2.54%
Published
2014-11-18
Updated
2017-09-08
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.
Max CVSS
4.0
EPSS Score
0.19%
Published
2014-11-07
Updated
2017-09-08
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
Max CVSS
4.3
EPSS Score
0.29%
Published
2014-12-20
Updated
2023-08-11
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
Max CVSS
4.0
EPSS Score
0.11%
Published
2014-10-05
Updated
2014-10-06
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
Max CVSS
5.0
EPSS Score
0.29%
Published
2014-10-05
Updated
2023-08-11
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
Max CVSS
5.0
EPSS Score
0.47%
Published
2014-08-29
Updated
2017-08-29
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
Max CVSS
5.0
EPSS Score
0.50%
Published
2014-08-19
Updated
2017-08-29
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
Max CVSS
5.0
EPSS Score
0.17%
Published
2014-07-28
Updated
2017-08-29
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.
Max CVSS
4.0
EPSS Score
0.13%
Published
2014-07-28
Updated
2017-08-29
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-07-26
Updated
2017-08-29
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.
Max CVSS
4.0
EPSS Score
0.13%
Published
2014-06-21
Updated
2017-01-12
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
Max CVSS
5.0
EPSS Score
0.16%
Published
2014-05-20
Updated
2016-09-07
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
Max CVSS
4.0
EPSS Score
0.11%
Published
2014-04-29
Updated
2014-04-29
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
Max CVSS
4.0
EPSS Score
0.10%
Published
2014-02-27
Updated
2015-08-01
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
Max CVSS
5.0
EPSS Score
0.29%
Published
2014-03-21
Updated
2014-03-24
21 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!