CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-0707 79 XSS 2015-04-22 2015-04-23
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
2 CVE-2015-0706 2015-04-22 2015-04-23
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
3 CVE-2015-0705 352 CSRF 2015-04-21 2015-04-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.
4 CVE-2015-0704 352 CSRF 2015-04-21 2015-04-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.
5 CVE-2015-0703 79 XSS 2015-04-20 2015-04-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.
6 CVE-2015-0702 Exec Code 2015-04-20 2015-04-21
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
7 CVE-2015-0700 352 CSRF 2015-04-16 2015-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.
8 CVE-2015-0699 89 Exec Code Sql 2015-04-15 2015-04-15
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
9 CVE-2015-0698 79 XSS 2015-04-15 2015-04-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.
10 CVE-2015-0697 2015-04-15 2015-04-15
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
11 CVE-2015-0696 79 XSS 2015-04-15 2015-04-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
12 CVE-2015-0695 19 DoS 2015-04-16 2015-04-17
7.8
None Remote Low Not required None None Complete
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.
13 CVE-2015-0694 284 Bypass 2015-04-10 2015-04-17
5.0
None Remote Low Not required None Partial None
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
14 CVE-2015-0693 20 Exec Code +Priv 2015-04-15 2015-04-15
7.2
None Local Low Not required Complete Complete Complete
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.
15 CVE-2015-0692 264 Exec Code +Priv 2015-04-10 2015-04-13
7.2
None Local Low Not required Complete Complete Complete
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.
16 CVE-2015-0691 264 Exec Code 2015-04-16 2015-04-17
9.3
None Remote Medium Not required Complete Complete Complete
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
17 CVE-2015-0690 79 XSS 2015-04-06 2015-04-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.
18 CVE-2015-0688 399 DoS 2015-04-03 2015-04-09
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070.
19 CVE-2015-0687 399 DoS 2015-04-02 2015-04-09
6.3
None Remote Medium Single system None None Complete
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574.
20 CVE-2015-0686 399 DoS 2015-04-02 2015-04-09
6.3
None Remote Medium Single system None None Complete
The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240.
21 CVE-2015-0685 20 DoS 2015-04-02 2015-04-09
7.8
None Remote Low Not required None None Complete
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.
22 CVE-2015-0684 89 Exec Code Sql 2015-04-03 2015-04-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
23 CVE-2015-0683 200 +Info File Inclusion 2015-04-03 2015-04-09
4.0
None Remote Low Single system Partial None None
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
24 CVE-2015-0682 264 Exec Code 2015-04-03 2015-04-09
6.5
None Remote Low Single system Partial Partial Partial
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
25 CVE-2015-0680 200 +Info 2015-03-27 2015-04-02
4.0
None Remote Low Single system Partial None None
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
26 CVE-2015-0679 20 DoS 2015-03-27 2015-04-02
6.1
None Local Network Low Not required None None Complete
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
27 CVE-2015-0678 20 DoS 2015-04-10 2015-04-17
7.8
None Remote Low Not required None None Complete
The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.
28 CVE-2015-0677 20 DoS 2015-04-12 2015-04-23
7.8
None Remote Low Not required None None Complete
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.
29 CVE-2015-0676 20 DoS 2015-04-12 2015-04-23
7.1
None Remote Medium Not required None None Complete
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655.
30 CVE-2015-0675 284 2015-04-12 2015-04-17
8.3
None Local Network Low Not required Complete Complete Complete
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.
31 CVE-2015-0673 200 +Info 2015-03-26 2015-03-30
4.0
None Remote Low Single system Partial None None
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
32 CVE-2015-0672 399 DoS 2015-03-26 2015-03-30
5.0
None Remote Low Not required None None Partial
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
33 CVE-2015-0671 399 DoS 2015-03-19 2015-03-20
5.0
None Remote Low Not required None None Partial
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.
34 CVE-2015-0670 287 2015-03-20 2015-03-27
6.4
None Remote Low Not required Partial Partial None
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
35 CVE-2015-0669 20 DoS 2015-03-20 2015-03-27
6.4
None Remote Low Not required None Partial Partial
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167.
36 CVE-2015-0668 79 XSS 2015-03-19 2015-03-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.
37 CVE-2015-0667 284 Bypass 2015-03-18 2015-03-24
5.0
None Remote Low Not required None Partial None
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.
38 CVE-2015-0666 22 Dir. Trav. 2015-04-03 2015-04-09
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
39 CVE-2015-0665 22 Dir. Trav. 2015-03-16 2015-03-23
6.6
None Local Low Not required None Complete Complete
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
40 CVE-2015-0664 20 +Priv 2015-03-18 2015-03-24
4.3
None Local Low Single system Partial Partial Partial
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
41 CVE-2015-0663 264 2015-03-16 2015-03-23
6.6
None Local Low Not required None Complete Complete
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
42 CVE-2015-0662 264 +Priv 2015-03-16 2015-03-23
7.2
None Local Low Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
43 CVE-2015-0661 20 DoS 2015-03-05 2015-03-11
4.0
None Remote Low Single system None None Partial
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.
44 CVE-2015-0660 284 Exec Code 2015-03-13 2015-03-18
7.2
None Local Low Not required Complete Complete Complete
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
45 CVE-2015-0659 2015-03-05 2015-03-11
5.0
None Remote Low Not required None Partial None
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
46 CVE-2015-0658 20 Exec Code 2015-03-27 2015-04-01
7.9
None Local Network Medium Not required Complete Complete Complete
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
47 CVE-2015-0657 20 DoS 2015-03-05 2015-03-11
5.0
None Remote Low Not required None None Partial
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
48 CVE-2015-0656 79 XSS 2015-03-03 2015-03-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.
49 CVE-2015-0655 79 XSS 2015-02-27 2015-03-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.
50 CVE-2015-0654 362 DoS 2015-03-12 2015-03-17
7.1
None Remote Medium Not required None None Complete
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
Total number of vulnerabilities : 2095   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.