CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-4229 200 +Info 2015-06-30 2015-06-30
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
2 CVE-2015-4228 399 DoS 2015-07-02 2015-07-02
5.4
None Remote High Not required None None Complete
Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.
3 CVE-2015-4223 399 DoS 2015-06-25 2015-06-26
5.0
None Remote Low Not required None Partial None
Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.
4 CVE-2015-4218 200 +Info 2015-06-24 2015-06-24
5.0
None Remote Low Not required Partial None None
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
5 CVE-2015-4216 200 Bypass +Info 2015-06-26 2015-06-26
5.0
None Remote Low Not required Partial None None
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
6 CVE-2015-4212 200 +Info 2015-06-24 2015-06-24
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
7 CVE-2015-4207 200 Bypass +Info 2015-06-23 2015-06-23
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
8 CVE-2015-4205 399 DoS 2015-06-23 2015-06-23
5.7
None Local Network Medium Not required None None Complete
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.
9 CVE-2015-4203 362 DoS 2015-06-23 2015-06-23
5.4
None Remote High Not required None None Complete
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
10 CVE-2015-4202 200 +Info 2015-06-20 2015-06-22
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.
11 CVE-2015-4201 20 DoS 2015-06-20 2015-06-22
5.0
None Remote Low Not required None None Partial
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.
12 CVE-2015-4194 200 +Info 2015-06-18 2015-06-19
5.0
None Remote Low Not required Partial None None
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
13 CVE-2015-4191 399 DoS 2015-06-18 2015-06-19
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
14 CVE-2015-4188 89 Exec Code Sql 2015-06-17 2015-06-17
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
15 CVE-2015-4184 20 Bypass 2015-06-13 2015-06-15
5.0
None Remote Low Not required None Partial None
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
16 CVE-2015-4182 264 Bypass +Info 2015-06-12 2015-06-15
5.5
None Remote Low Single system Partial Partial None
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
17 CVE-2015-0776 399 DoS 2015-06-12 2015-06-15
5.0
None Remote Low Not required None None Partial
telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.
18 CVE-2015-0775 399 DoS 2015-06-12 2015-06-15
5.0
None Remote Low Not required None None Partial
The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182.
19 CVE-2015-0773 264 2015-06-12 2015-06-12
5.5
None Remote Low Single system None Partial Partial
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
20 CVE-2015-0770 20 Http R.Spl. 2015-06-07 2015-06-08
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.
21 CVE-2015-0765 399 DoS 2015-06-04 2015-06-04
5.0
None Remote Low Not required None None Partial
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.
22 CVE-2015-0764 200 +Info 2015-06-04 2015-06-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
23 CVE-2015-0763 200 +Info 2015-06-04 2015-06-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
24 CVE-2015-0757 200 +Info 2015-05-29 2015-06-02
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
25 CVE-2015-0746 254 DoS 2015-05-21 2015-06-03
5.0
None Remote Low Not required None None Partial
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
26 CVE-2015-0745 200 +Info 2015-05-30 2015-06-02
5.0
None Remote Low Not required Partial None None
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
27 CVE-2015-0743 399 DoS 2015-05-30 2015-06-02
5.0
None Remote Low Not required None None Partial
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.
28 CVE-2015-0742 17 DoS 2015-05-21 2015-05-21
5.0
None Remote Low Not required None None Partial
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398.
29 CVE-2015-0730 20 DoS 2015-05-16 2015-05-18
5.0
None Remote Low Not required None None Partial
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
30 CVE-2015-0712 399 DoS 2015-05-01 2015-05-11
5.0
None Remote Low Not required None None Partial
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.
31 CVE-2015-0711 399 DoS 2015-04-28 2015-05-11
5.0
None Remote Low Not required None None Partial
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711.
32 CVE-2015-0706 2015-04-22 2015-04-23
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
33 CVE-2015-0699 89 Exec Code Sql 2015-04-15 2015-04-15
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
34 CVE-2015-0697 2015-04-15 2015-04-15
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
35 CVE-2015-0694 284 Bypass 2015-04-10 2015-04-17
5.0
None Remote Low Not required None Partial None
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
36 CVE-2015-0672 399 DoS 2015-03-26 2015-03-30
5.0
None Remote Low Not required None None Partial
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.
37 CVE-2015-0671 399 DoS 2015-03-19 2015-03-20
5.0
None Remote Low Not required None None Partial
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.
38 CVE-2015-0667 284 Bypass 2015-03-18 2015-03-24
5.0
None Remote Low Not required None Partial None
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.
39 CVE-2015-0659 2015-03-05 2015-03-11
5.0
None Remote Low Not required None Partial None
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
40 CVE-2015-0657 20 DoS 2015-03-05 2015-03-11
5.0
None Remote Low Not required None None Partial
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.
41 CVE-2015-0632 362 DoS 2015-02-26 2015-03-09
5.7
None Local Network Medium Not required None None Complete
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
42 CVE-2015-0628 200 Bypass +Info 2015-02-19 2015-02-20
5.0
None Remote Low Not required Partial None None
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.
43 CVE-2015-0619 399 DoS 2015-02-11 2015-02-18
5.0
None Remote Low Not required None None Partial
Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458.
44 CVE-2015-0617 399 DoS 2015-02-17 2015-02-20
5.0
None Remote Low Not required None None Partial
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393.
45 CVE-2015-0604 20 2015-02-06 2015-02-19
5.0
None Remote Low Not required None Partial None
The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.
46 CVE-2015-0602 200 +Info 2015-02-07 2015-02-13
5.0
None Remote Low Not required Partial None None
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117.
47 CVE-2015-0600 20 DoS 2015-02-07 2015-02-13
5.0
None Remote Low Not required None None Partial
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139.
48 CVE-2015-0597 200 +Info 2015-02-01 2015-02-11
5.0
None Remote Low Not required Partial None None
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.
49 CVE-2015-0595 200 +Info 2015-02-01 2015-02-11
5.0
None Remote Low Not required Partial None None
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.
50 CVE-2015-0591 399 DoS 2015-01-15 2015-01-27
5.0
None Remote Low Not required None None Partial
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.
Total number of vulnerabilities : 490   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.