CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4349 +Priv 2016-04-28 2016-05-03
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
2 CVE-2016-1467 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.
3 CVE-2016-1465 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.
4 CVE-2016-1463 20 Bypass 2016-07-27 2016-07-28
5.0
None Remote Low Not required None Partial None
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
5 CVE-2016-1462 79 XSS 2016-07-27 2016-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795.
6 CVE-2016-1460 399 DoS 2016-07-27 2016-07-28
6.1
None Local Network Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.
7 CVE-2016-1459 399 DoS 2016-07-17 2016-07-19
4.9
None Remote High Single system None None Complete
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.
8 CVE-2016-1456 264 Exec Code 2016-07-15 2016-07-18
7.2
None Local Low Not required Complete Complete Complete
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.
9 CVE-2016-1452 254 2016-07-15 2016-07-20
6.4
None Remote Low Not required Partial Partial None
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
10 CVE-2016-1451 79 XSS 2016-07-15 2016-07-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.
11 CVE-2016-1450 20 2016-07-15 2016-07-15
6.0
None Remote Medium Single system Partial Partial Partial
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.
12 CVE-2016-1449 79 XSS 2016-07-15 2016-07-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
13 CVE-2016-1448 352 CSRF 2016-07-17 2016-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
14 CVE-2016-1447 79 XSS 2016-07-15 2016-07-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
15 CVE-2016-1446 89 Exec Code Sql 2016-07-15 2016-07-15
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
16 CVE-2016-1445 20 Bypass 2016-07-11 2016-07-12
4.3
None Remote Medium Not required Partial None None
Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.
17 CVE-2016-1444 20 Bypass 2016-07-07 2016-07-08
5.8
None Remote Medium Not required Partial Partial None
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
18 CVE-2016-1443 254 Bypass +Info 2016-07-07 2016-07-08
6.8
None Remote Medium Not required Partial Partial Partial
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.
19 CVE-2016-1442 20 Exec Code 2016-07-07 2016-07-08
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.
20 CVE-2016-1441 20 Bypass 2016-07-02 2016-07-05
6.4
None Remote Low Not required Partial Partial None
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
21 CVE-2016-1440 399 DoS 2016-07-02 2016-07-05
5.0
None Remote Low Not required None None Partial
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.
22 CVE-2016-1439 79 XSS 2016-06-22 2016-06-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
23 CVE-2016-1438 20 Bypass 2016-06-22 2016-06-23
5.0
None Remote Low Not required None Partial None
Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
24 CVE-2016-1437 89 Exec Code Sql 2016-06-22 2016-06-23
4.0
None Remote Low Single system Partial None None
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
25 CVE-2016-1436 119 DoS Overflow 2016-06-22 2016-06-23
5.0
None Remote Low Not required None None Partial
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
26 CVE-2016-1435 264 2016-06-22 2016-06-23
6.2
None Local High Not required Complete Complete Complete
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
27 CVE-2016-1434 22 Dir. Trav. 2016-06-22 2016-06-23
4.0
None Remote Low Single system None Partial None
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
28 CVE-2016-1432 399 DoS 2016-06-17 2016-06-20
6.8
None Remote Low Single system None None Complete
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.
29 CVE-2016-1431 79 XSS 2016-06-17 2016-06-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
30 CVE-2016-1428 399 DoS 2016-06-22 2016-06-23
6.8
None Remote Low Single system None None Complete
Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.
31 CVE-2016-1427 287 +Info 2016-06-17 2016-06-20
5.0
None Remote Low Not required Partial None None
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
32 CVE-2016-1426 399 DoS 2016-07-15 2016-07-18
7.8
None Remote Low Not required None None Complete
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.
33 CVE-2016-1425 119 DoS Overflow 2016-07-03 2016-07-05
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.
34 CVE-2016-1424 119 DoS Overflow 2016-06-18 2016-06-20
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.
35 CVE-2016-1421 119 DoS Overflow 2016-06-09 2016-06-10
5.0
None Remote Low Not required None None Partial
The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.
36 CVE-2016-1420 2016-06-09 2016-06-10
7.2
None Local Low Not required Complete Complete Complete
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
37 CVE-2016-1419 20 DoS 2016-06-09 2016-06-10
6.8
None Local Network Low Not required None Partial Complete
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
38 CVE-2016-1418 20 2016-06-08 2016-06-15
7.2
None Local Low Not required Complete Complete Complete
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.
39 CVE-2016-1416 264 2016-07-02 2016-07-05
10.0
None Remote Low Not required Complete Complete Complete
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
40 CVE-2016-1413 94 2016-05-27 2016-05-31
4.0
None Remote Low Single system None Partial None
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
41 CVE-2016-1410 200 +Info 2016-05-27 2016-05-31
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
42 CVE-2016-1409 20 DoS 2016-05-29 2016-06-08
5.0
None Remote Low Not required None None Partial
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.
43 CVE-2016-1408 20 Exec Code 2016-07-02 2016-07-05
6.5
None Remote Low Single system Partial Partial Partial
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
44 CVE-2016-1407 20 DoS 2016-05-24 2016-06-01
5.0
None Remote Low Not required None None Partial
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.
45 CVE-2016-1406 284 +Priv Bypass +Info 2016-05-24 2016-05-25
6.5
None Remote Low Single system Partial Partial Partial
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
46 CVE-2016-1405 119 DoS Overflow 2016-06-08 2016-06-16
5.0
None Remote Low Not required None None Partial
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
47 CVE-2016-1404 200 +Info 2016-05-29 2016-05-31
5.0
None Remote Low Not required Partial None None
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.
48 CVE-2016-1403 20 Exec Code +Priv 2016-06-04 2016-06-07
7.2
None Local Low Not required Complete Complete Complete
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
49 CVE-2016-1402 119 DoS Overflow 2016-05-20 2016-05-25
5.0
None Remote Low Not required None None Partial
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.
50 CVE-2016-1401 79 XSS 2016-05-20 2016-06-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.
Total number of vulnerabilities : 2620   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.