Cisco : Security Vulnerabilities, CVEs, Published In 2014 (Bypass) CVSS score >= 6
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Max CVSS
6.9
EPSS Score
0.09%
Published
2014-07-09
Updated
2017-08-29
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
Max CVSS
6.8
EPSS Score
0.11%
Published
2014-05-07
Updated
2023-08-11
Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.
Max CVSS
6.8
EPSS Score
1.73%
Published
2014-01-24
Updated
2017-08-29
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.
Max CVSS
6.4
EPSS Score
0.30%
Published
2014-04-23
Updated
2014-04-23
4 vulnerabilities found