| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1244 | 79 | | XSS | 2013-05-15 | 2013-05-16 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. |
| 2 | CVE-2012-3924 | | | DoS | 2012-09-16 | 2013-03-25 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961. |
| 3 | CVE-2012-3923 | | | DoS | 2012-09-16 | 2013-03-25 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. |
| 4 | CVE-2012-1370 | 119 | | DoS Overflow | 2012-08-06 | 2012-08-06 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. |
| 5 | CVE-2012-1344 | 119 | | DoS Overflow | 2012-08-06 | 2013-04-01 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. |
| 6 | CVE-2011-3289 | 264 | | Bypass | 2012-05-02 | 2012-10-29 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. |
| 7 | CVE-2011-2544 | 79 | 1 | DoS XSS CSRF | 2011-09-23 | 2012-02-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. |
| 8 | CVE-2009-5007 | 59 | | | 2010-10-14 | 2010-11-11 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |
| 9 | CVE-2009-2977 | 310 | | +Info | 2009-08-27 | 2009-09-04 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. |
| 10 | CVE-2009-2056 | 264 | | DoS | 2009-08-21 | 2009-08-21 | 3.3 | None | Remote | Low | Multiple systems | None | None | Partial | Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path. |
| 11 | CVE-2009-2048 | 79 | | XSS | 2009-07-16 | 2009-08-12 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors. |
| 12 | CVE-2009-1556 | 200 | | +Info | 2009-05-06 | 2009-05-23 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507. |
| 13 | CVE-2009-1154 | 119 | | DoS Overflow | 2009-08-21 | 2009-08-21 | 3.3 | None | Remote | Low | Multiple systems | None | None | Partial | Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute. |
| 14 | CVE-2009-0743 | 79 | | XSS | 2009-02-27 | 2009-03-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. |
| 15 | CVE-2008-4542 | 79 | | XSS | 2008-10-13 | 2008-12-24 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). |
| 16 | CVE-2007-6190 | 200 | | +Info | 2007-11-29 | 2008-11-15 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. |
| 17 | CVE-2007-1467 | | | XSS | 2007-03-16 | 2008-09-05 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. |