CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2145 22 Dir. Trav. 2014-04-05 2014-04-07
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
2 CVE-2014-2141 119 DoS Overflow 2014-04-10 2014-04-10
4.0
None Remote Low Single system None None Partial
The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.
3 CVE-2014-2138 20 2014-04-01 2014-04-02
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.
4 CVE-2014-2137 20 2014-04-01 2014-04-02
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.
5 CVE-2014-2125 79 XSS 2014-04-01 2014-04-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
6 CVE-2014-2120 79 XSS 2014-03-18 2014-03-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
7 CVE-2014-2118 79 XSS 2014-03-27 2014-03-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
8 CVE-2014-2117 20 2014-04-04 2014-04-04
4.3
None Remote Medium Not required None Partial None
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.
9 CVE-2014-2116 20 2014-04-04 2014-04-04
4.3
None Remote Medium Not required None Partial None
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.
10 CVE-2014-2114 79 XSS 2014-04-04 2014-04-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
11 CVE-2014-2104 79 XSS 2014-03-01 2014-03-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
12 CVE-2014-2102 264 +Info 2014-02-26 2014-02-27
4.0
None Remote Low Single system Partial None None
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
13 CVE-2014-0746 200 +Info 2014-02-26 2014-03-10
4.0
None Remote Low Single system Partial None None
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
14 CVE-2014-0739 287 Bypass 2014-02-22 2014-03-05
4.3
None Remote Medium Not required None Partial None
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.
15 CVE-2014-0738 287 Bypass 2014-02-22 2014-03-05
4.3
None Remote Medium Not required None Partial None
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
16 CVE-2014-0737 287 Bypass 2014-02-22 2014-03-05
4.3
None Remote Medium Not required None Partial None
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.
17 CVE-2014-0735 79 XSS 2014-02-20 2014-02-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
18 CVE-2014-0724 20 Bypass 2014-02-13 2014-02-13
4.0
None Remote Low Single system Partial None None
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
19 CVE-2014-0723 79 XSS 2014-02-13 2014-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
20 CVE-2014-0682 264 Bypass 2014-01-29 2014-02-06
4.9
None Remote Medium Single system Partial None Partial
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.
21 CVE-2014-0681 79 XSS 2014-01-29 2014-02-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
22 CVE-2014-0680 79 XSS 2014-01-29 2014-02-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.
23 CVE-2014-0673 79 XSS 2014-01-25 2014-02-06
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.
24 CVE-2014-0672 264 2014-01-22 2014-04-04
4.0
None Remote Low Single system Partial None None
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.
25 CVE-2014-0670 79 XSS 2014-01-22 2014-01-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.
26 CVE-2014-0668 79 XSS 2014-01-19 2014-01-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.
27 CVE-2014-0666 22 Exec Code Dir. Trav. 2014-01-16 2014-01-23
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
28 CVE-2014-0665 264 +Info 2014-01-15 2014-01-23
4.0
None Remote Low Single system Partial None None
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
29 CVE-2014-0663 79 XSS 2014-01-10 2014-01-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.
30 CVE-2014-0657 264 Bypass 2014-01-08 2014-01-17
4.0
None Remote Low Single system Partial None None
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
31 CVE-2014-0656 20 2014-01-08 2014-01-17
4.0
None Remote Low Single system None Partial None
Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.
32 CVE-2014-0655 20 2014-01-08 2014-01-17
4.3
None Remote Medium Not required None Partial None
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.
33 CVE-2014-0654 20 2014-01-08 2014-01-17
4.3
None Remote Medium Not required None Partial None
Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.
34 CVE-2014-0653 20 2014-01-08 2014-01-17
4.3
None Remote Medium Not required None Partial None
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
35 CVE-2014-0652 79 XSS 2014-01-08 2014-01-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.
36 CVE-2014-0651 264 2014-01-08 2014-01-17
4.9
None Remote Medium Single system Partial Partial None
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.
37 CVE-2013-6982 20 DoS 2014-01-08 2014-01-17
4.3
None Remote Medium Not required None None Partial
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174.
38 CVE-2013-6978 200 +Info 2013-12-21 2014-01-03
4.0
None Remote Low Single system Partial None None
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
39 CVE-2013-6974 79 XSS 2014-01-10 2014-02-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.
40 CVE-2013-6973 200 +Info 2013-12-14 2014-01-13
4.3
None Remote Medium Not required Partial None None
Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.
41 CVE-2013-6969 20 2013-12-14 2013-12-16
4.3
None Remote Medium Not required None Partial None
The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.
42 CVE-2013-6963 79 XSS 2013-12-14 2014-01-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.
43 CVE-2013-6962 79 XSS 2013-12-14 2013-12-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.
44 CVE-2013-6961 79 XSS 2013-12-14 2013-12-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.
45 CVE-2013-6960 79 XSS 2013-12-14 2013-12-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
46 CVE-2013-6711 79 XSS 2013-12-14 2014-01-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.
47 CVE-2013-6707 399 DoS 2013-12-07 2013-12-13
4.3
None Remote Medium Not required None None Partial
Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233.
48 CVE-2013-6702 20 DoS 2013-12-04 2014-01-13
4.3
None Remote Medium Not required None None Partial
The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.
49 CVE-2013-6698 264 XSS 2013-11-22 2013-11-25
4.3
None Remote Medium Not required None Partial None
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
50 CVE-2013-6695 264 +Info 2013-12-02 2014-03-04
4.0
None Remote Low Single system Partial None None
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
Total number of vulnerabilities : 226   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.