| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1245 | 20 |  | Bypass | 2013-05-15 | 2013-05-16 | 4.0 | None | Remote | Low | Single system | None | Partial | None |
| The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. |
| 2 | CVE-2013-1240 | 20 |  |  | 2013-05-03 | 2013-05-06 | 4.6 | None | Local | Low | Single system | Complete | None | None |
| The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. |
| 3 | CVE-2013-1234 | 119 |  | DoS Overflow | 2013-05-03 | 2013-05-03 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. |
| 4 | CVE-2013-1227 | 79 |  | XSS | 2013-04-29 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902. |
| 5 | CVE-2013-1219 |  |  | DoS | 2013-04-29 | 2013-05-01 | 4.4 | None | Local | Medium | Single system | None | None | Complete |
| SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630. |
| 6 | CVE-2013-1216 | 200 |  | DoS +Info | 2013-04-29 | 2013-05-01 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. |
| 7 | CVE-2013-1199 | 362 |  | DoS | 2013-04-18 | 2013-04-19 | 4.9 | None | Remote | High | Single system | None | None | Complete |
| Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. |
| 8 | CVE-2013-1198 | 79 |  | XSS | 2013-04-29 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430. |
| 9 | CVE-2013-1171 | 79 |  | XSS | 2013-04-01 | 2013-04-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540. |
| 10 | CVE-2013-1160 | 79 |  | XSS | 2013-05-01 | 2013-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743. |
| 11 | CVE-2013-1159 | 79 |  | XSS | 2013-05-01 | 2013-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56706. |
| 12 | CVE-2013-1158 | 79 |  | XSS | 2013-05-01 | 2013-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54397. |
| 13 | CVE-2013-1157 | 79 |  | XSS | 2013-05-01 | 2013-05-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068. |
| 14 | CVE-2013-1140 | 200 |  | +Info | 2013-03-06 | 2013-03-06 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. |
| 15 | CVE-2013-1139 | 264 |  | +Info | 2013-02-26 | 2013-02-27 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. |
| 16 | CVE-2013-1136 | 399 |  | DoS | 2013-05-13 | 2013-05-13 | 4.6 | None | Local | Low | Single system | None | None | Complete |
| The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. |
| 17 | CVE-2013-1123 | 79 |  | XSS | 2013-02-15 | 2013-02-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706. |
| 18 | CVE-2013-1114 | 79 |  | XSS | 2013-02-13 | 2013-02-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. |
| 19 | CVE-2013-1113 | 79 |  | XSS | 2013-01-31 | 2013-02-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. |
| 20 | CVE-2013-1110 | 264 |  | Bypass | 2013-01-21 | 2013-02-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None |
| Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. |
| 21 | CVE-2013-1108 | 264 |  |  | 2013-01-21 | 2013-02-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None |
| Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. |
| 22 | CVE-2013-1107 | 200 |  | +Info | 2013-02-06 | 2013-02-07 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. |
| 23 | CVE-2012-6397 | 79 |  | XSS | 2013-01-17 | 2013-01-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977. |
| 24 | CVE-2012-6396 | 399 |  | DoS | 2013-01-19 | 2013-02-02 | 4.9 | None | Remote | High | Single system | None | None | Complete |
| Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. |
| 25 | CVE-2012-6029 | 79 |  | XSS | 2013-01-31 | 2013-02-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109. |
| 26 | CVE-2012-6007 | 79 |  | XSS | 2012-12-19 | 2013-01-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992. |
| 27 | CVE-2012-5429 |  |  | DoS | 2013-01-17 | 2013-01-18 | 4.6 | None | Local | Low | Single system | None | None | Complete |
| The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. |
| 28 | CVE-2012-3096 |  |  | DoS | 2012-09-16 | 2013-01-24 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. |
| 29 | CVE-2012-2500 | 310 |  |  | 2012-08-06 | 2012-08-07 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. |
| 30 | CVE-2012-2498 | 287 |  |  | 2012-08-06 | 2012-08-07 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
| Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. |
| 31 | CVE-2012-2495 | 20 |  |  | 2012-06-20 | 2012-06-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. |
| 32 | CVE-2012-2494 | 20 |  |  | 2012-06-20 | 2012-06-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. |
| 33 | CVE-2012-2474 | 200 |  | DoS +Info | 2012-08-06 | 2012-08-07 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. |
| 34 | CVE-2012-1365 |  |  | DoS | 2012-08-06 | 2012-08-06 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463. |
| 35 | CVE-2012-1364 |  |  | DoS | 2012-08-06 | 2012-08-06 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
| Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452. |
| 36 | CVE-2012-1361 | 200 |  | +Info | 2012-08-06 | 2012-08-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. |
| 37 | CVE-2012-1328 | 94 |  | +Priv | 2012-05-03 | 2012-05-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
| Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. |
| 38 | CVE-2012-0362 | 264 |  | Bypass | 2012-05-02 | 2012-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. |
| 39 | CVE-2012-0340 | 79 |  | XSS | 2012-02-13 | 2012-02-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. |
| 40 | CVE-2011-4237 | 94 |  | Http R.Spl. | 2012-05-03 | 2012-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. |
| 41 | CVE-2011-4014 | 200 |  | +Info | 2012-05-02 | 2012-08-18 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. |
| 42 | CVE-2011-3317 | 79 |  | XSS | 2012-05-02 | 2012-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. |
| 43 | CVE-2011-3309 | 200 |  | +Info | 2012-05-02 | 2012-10-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749. |
| 44 | CVE-2011-3294 | 79 |  | XSS | 2011-10-19 | 2012-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342. |
| 45 | CVE-2011-2545 | 79 |  | XSS | 2012-06-13 | 2012-06-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. |
| 46 | CVE-2011-2060 | 399 |  | DoS | 2011-10-21 | 2012-05-13 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523. |
| 47 | CVE-2011-0962 | 79 | 1 | XSS | 2011-05-20 | 2011-05-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712. |
| 48 | CVE-2011-0961 | 79 | 1 | XSS | 2011-05-20 | 2011-05-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704. |
| 49 | CVE-2011-0959 | 79 | 1 | XSS | 2011-05-20 | 2011-05-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716. |
| 50 | CVE-2010-4685 | 310 |  | Bypass | 2011-01-07 | 2011-01-19 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
| Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. |