Cisco : Security Vulnerabilities, CVEs, Published In 2013

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue

SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.

Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020.

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.