| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2013-1242 | 399 | | DoS | 2013-05-10 | 2013-05-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. |
| 2 | CVE-2013-1235 | | | DoS | 2013-05-03 | 2013-05-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. |
| 3 | CVE-2013-1232 | 20 | | | 2013-05-03 | 2013-05-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252. |
| 4 | CVE-2013-1231 | 20 | | | 2013-05-03 | 2013-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. |
| 5 | CVE-2013-1230 | 119 | | DoS Overflow | 2013-05-01 | 2013-05-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. |
| 6 | CVE-2013-1229 | 20 | | DoS | 2013-05-01 | 2013-05-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028. |
| 7 | CVE-2013-1214 | 264 | | | 2013-04-24 | 2013-04-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. |
| 8 | CVE-2013-1195 | 264 | | Bypass | 2013-04-24 | 2013-04-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. |
| 9 | CVE-2013-1194 | 200 | | +Info | 2013-04-18 | 2013-04-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. |
| 10 | CVE-2013-1193 | | | DoS | 2013-04-16 | 2013-04-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937. |
| 11 | CVE-2013-1189 | 20 | | DoS | 2013-04-11 | 2013-04-11 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete |
Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313. |
| 12 | CVE-2013-1188 | 287 | | DoS | 2013-05-15 | 2013-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. |
| 13 | CVE-2013-1187 | 20 | | DoS | 2013-04-16 | 2013-04-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. |
| 14 | CVE-2013-1175 | 399 | | DoS | 2013-05-15 | 2013-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The SSL logging daemon in the Application Control Engine module in Cisco ACE allows remote attackers to cause a denial of service (disk consumption) via a large number of SSL connections that trigger log entries, aka Bug ID CSCug78957. |
| 15 | CVE-2013-1174 | 119 | | DoS Overflow | 2013-04-05 | 2013-04-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service hang) by sending many TCP packets to certain ports, aka Bug ID CSCue03703. |
| 16 | CVE-2013-1162 | 20 | | DoS | 2013-03-25 | 2013-03-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. |
| 17 | CVE-2013-1156 | 22 | | Dir. Trav. | 2013-05-01 | 2013-05-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034. |
| 18 | CVE-2013-1138 | 119 | | DoS Overflow | 2013-02-25 | 2013-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. |
| 19 | CVE-2013-1129 | 399 | | DoS | 2013-02-19 | 2013-02-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. |
| 20 | CVE-2013-1124 | 310 | | | 2013-02-28 | 2013-03-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309. |
| 21 | CVE-2013-1122 | 20 | | DoS | 2013-02-13 | 2013-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. |
| 22 | CVE-2013-1112 | 20 | | DoS | 2013-01-31 | 2013-02-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. |
| 23 | CVE-2013-1100 | 399 | | DoS | 2013-02-13 | 2013-02-14 | 5.4 | None | Remote | High | Not required | None | None | Complete |
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. |
| 24 | CVE-2012-5444 | 264 | | | 2013-01-17 | 2013-01-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. |
| 25 | CVE-2012-5424 | 20 | | Bypass | 2012-11-07 | 2013-03-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. |
| 26 | CVE-2012-5415 | 362 | | DoS | 2013-04-16 | 2013-04-16 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. |
| 27 | CVE-2012-3919 | 399 | | DoS | 2012-09-16 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. |
| 28 | CVE-2012-3915 | 119 | | DoS Overflow | 2012-09-16 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. |
| 29 | CVE-2012-3901 | 119 | | DoS Overflow | 2012-09-16 | 2013-01-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. |
| 30 | CVE-2012-3899 | 399 | | DoS Mem. Corr. | 2012-09-16 | 2012-09-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051. |
| 31 | CVE-2012-3094 | 200 | | +Info | 2012-09-16 | 2013-01-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. |
| 32 | CVE-2012-2499 | 310 | | | 2012-08-06 | 2012-08-07 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. |
| 33 | CVE-2012-2490 | 20 | | | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. |
| 34 | CVE-2012-1367 | 20 | | DoS | 2012-08-06 | 2012-08-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. |
| 35 | CVE-2012-1357 | 119 | | DoS Overflow | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. |
| 36 | CVE-2012-1348 | 200 | | +Info | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. |
| 37 | CVE-2012-1346 | 399 | | DoS | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. |
| 38 | CVE-2012-1342 | 264 | | Bypass | 2012-08-06 | 2012-08-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. |
| 39 | CVE-2012-1340 | 119 | | DoS Overflow | 2012-08-06 | 2013-04-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. |
| 40 | CVE-2012-1339 | 119 | | DoS Overflow | 2012-08-06 | 2013-04-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. |
| 41 | CVE-2012-0376 | | | DoS | 2012-05-03 | 2012-05-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
| 42 | CVE-2012-0361 | 264 | | DoS | 2012-05-02 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. |
| 43 | CVE-2012-0339 | 20 | | | 2012-05-02 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. |
| 44 | CVE-2012-0338 | 20 | | | 2012-05-02 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. |
| 45 | CVE-2012-0335 | 287 | | +Info | 2012-05-02 | 2012-11-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. |
| 46 | CVE-2012-0333 | 287 | | | 2012-05-02 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. |
| 47 | CVE-2011-4232 | 200 | | +Info | 2012-05-03 | 2012-05-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. |
| 48 | CVE-2011-4022 | 287 | | DoS | 2012-05-03 | 2012-05-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. |
| 49 | CVE-2011-4019 | 399 | | DoS | 2012-05-03 | 2012-05-30 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. |
| 50 | CVE-2011-4016 | 16 | | DoS | 2012-05-02 | 2012-10-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. |