| # |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Confidentiality |
Integrity |
Availability |
|
1 |
CVE-2012-1337 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-04-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336. |
|
2 |
CVE-2012-1336 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-04-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337. |
|
3 |
CVE-2012-1335 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-04-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337. |
|
4 |
CVE-2012-1328 |
94 |
|
+Priv |
2012-05-03 |
2012-05-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. |
|
5 |
CVE-2012-1327 |
16 |
|
DoS |
2012-05-03 |
2012-05-10 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. |
|
6 |
CVE-2012-1324 |
362 |
|
DoS |
2012-05-03 |
2012-05-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. |
|
7 |
CVE-2012-1315 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171. |
|
8 |
CVE-2012-1314 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. |
|
9 |
CVE-2012-1312 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. |
|
10 |
CVE-2012-1311 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643. |
|
11 |
CVE-2012-1310 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536. |
|
12 |
CVE-2012-0388 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553. |
|
13 |
CVE-2012-0387 |
399 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153. |
|
14 |
CVE-2012-0386 |
310 |
|
DoS |
2012-03-29 |
2012-04-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064. |
|
15 |
CVE-2012-0385 |
20 |
|
DoS |
2012-03-29 |
2012-04-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. |
|
16 |
CVE-2012-0384 |
264 |
|
Exec Code Bypass |
2012-03-29 |
2012-04-04 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. |
|
17 |
CVE-2012-0383 |
399 |
|
DoS |
2012-03-29 |
2012-04-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. |
|
18 |
CVE-2012-0382 |
399 |
|
DoS |
2012-03-29 |
2012-04-04 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857. |
|
19 |
CVE-2012-0381 |
310 |
|
DoS |
2012-03-29 |
2012-04-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429. |
|
20 |
CVE-2012-0378 |
189 |
|
DoS |
2012-05-03 |
2012-05-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854. |
|
21 |
CVE-2012-0376 |
|
|
DoS |
2012-05-03 |
2012-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
|
22 |
CVE-2012-0371 |
264 |
|
|
2012-02-29 |
2012-03-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. |
|
23 |
CVE-2012-0370 |
399 |
|
DoS |
2012-02-29 |
2012-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. |
|
24 |
CVE-2012-0369 |
399 |
|
DoS |
2012-02-29 |
2012-03-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. |
|
25 |
CVE-2012-0368 |
399 |
|
DoS |
2012-02-29 |
2012-03-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997. |
|
26 |
CVE-2012-0367 |
399 |
|
DoS |
2012-02-29 |
2012-03-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899. |
|
27 |
CVE-2012-0366 |
264 |
|
|
2012-02-29 |
2012-03-01 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. |
|
28 |
CVE-2012-0365 |
22 |
|
Dir. Trav. |
2012-02-24 |
2012-03-06 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. |
|
29 |
CVE-2012-0364 |
264 |
|
|
2012-02-24 |
2012-03-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. |
|
30 |
CVE-2012-0363 |
94 |
|
Exec Code |
2012-02-24 |
2012-03-06 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. |
|
31 |
CVE-2012-0362 |
264 |
|
Bypass |
2012-05-02 |
2012-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. |
|
32 |
CVE-2012-0361 |
264 |
|
DoS |
2012-05-02 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. |
|
33 |
CVE-2012-0359 |
399 |
|
DoS |
2012-02-29 |
2012-03-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. |
|
34 |
CVE-2012-0358 |
119 |
|
Exec Code Overflow |
2012-03-14 |
2012-03-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. |
|
35 |
CVE-2012-0356 |
20 |
|
DoS |
2012-03-14 |
2012-03-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367. |
|
36 |
CVE-2012-0355 |
20 |
|
DoS |
2012-03-14 |
2012-03-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634. |
|
37 |
CVE-2012-0354 |
20 |
|
DoS |
2012-03-14 |
2012-03-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. |
|
38 |
CVE-2012-0353 |
20 |
|
DoS |
2012-03-14 |
2012-03-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. |
|
39 |
CVE-2012-0352 |
399 |
|
DoS |
2012-02-16 |
2012-02-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991. |
|
40 |
CVE-2012-0340 |
79 |
|
XSS |
2012-02-13 |
2012-02-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. |
|
41 |
CVE-2012-0339 |
20 |
|
|
2012-05-02 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. |
|
42 |
CVE-2012-0338 |
20 |
|
|
2012-05-02 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. |
|
43 |
CVE-2012-0337 |
89 |
|
Exec Code Sql |
2012-05-02 |
2012-05-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
|
44 |
CVE-2012-0335 |
287 |
|
+Info |
2012-05-02 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. |
|
45 |
CVE-2012-0333 |
287 |
|
|
2012-05-02 |
2012-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. |
|
46 |
CVE-2012-0331 |
399 |
|
DoS |
2012-02-29 |
2012-03-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. |
|
47 |
CVE-2012-0330 |
399 |
|
DoS |
2012-02-29 |
2012-03-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. |
|
48 |
CVE-2012-0329 |
94 |
|
Exec Code |
2012-01-19 |
2012-01-30 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. |
|
49 |
CVE-2011-4659 |
264 |
|
|
2012-01-19 |
2012-02-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. |
|
50 |
CVE-2011-4500 |
16 |
|
|
2011-11-22 |
2011-11-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. |