CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1296 254 Bypass 2016-01-20 2016-01-22
5.0
None Remote Low Not required None Partial None
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
2 CVE-2016-1295 200 +Info 2016-01-16 2016-01-21
5.0
None Remote Low Not required Partial None None
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
3 CVE-2015-6432 399 DoS 2016-01-04 2016-01-05
5.0
None Remote Low Not required None None Partial
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.
4 CVE-2015-6429 19 DoS 2015-12-19 2015-12-21
5.0
None Remote Low Not required None None Partial
The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.
5 CVE-2015-6428 200 +Info 2015-12-18 2015-12-18
5.0
None Remote Low Not required Partial None None
Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.
6 CVE-2015-6427 254 Bypass 2015-12-18 2015-12-18
5.0
None Remote Low Not required None Partial None
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
7 CVE-2015-6425 399 DoS 2015-12-16 2015-12-17
5.0
None Remote Low Not required None None Partial
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.
8 CVE-2015-6411 200 +Info 2015-12-15 2015-12-15
5.0
None Remote Low Not required Partial None None
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.
9 CVE-2015-6388 2015-12-04 2015-12-07
5.0
None Remote Low Not required None Partial None
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
10 CVE-2015-6386 399 DoS 2015-12-01 2015-12-01
5.0
None Remote Low Not required None None Partial
The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.
11 CVE-2015-6382 399 DoS 2015-11-25 2015-11-27
5.0
None Remote Low Not required None None Partial
Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815.
12 CVE-2015-6368 200 +Info 2015-11-18 2015-11-19
5.0
None Remote Low Not required Partial None None
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
13 CVE-2015-6366 284 Bypass 2015-11-12 2015-11-13
5.0
None Remote Low Not required None Partial None
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.
14 CVE-2015-6364 200 +Info 2015-11-13 2015-11-16
5.0
None Remote Low Not required Partial None None
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.
15 CVE-2015-6355 200 +Info 2015-11-03 2015-11-12
5.0
None Remote Low Not required Partial None None
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
16 CVE-2015-6351 20 DoS 2015-10-30 2015-10-30
5.0
None Remote Low Not required None None Partial
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.
17 CVE-2015-6343 399 DoS 2015-10-31 2015-11-02
5.0
None Remote Low Not required None None Partial
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
18 CVE-2015-6341 264 DoS 2015-10-24 2015-10-26
5.0
None Remote Low Not required None None Partial
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.
19 CVE-2015-6340 119 DoS Overflow 2015-10-26 2015-10-27
5.0
None Remote Low Not required None None Partial
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.
20 CVE-2015-6332 399 DoS 2015-10-12 2015-10-13
5.0
None Remote Low Not required None None Partial
Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830.
21 CVE-2015-6310 399 DoS 2015-10-08 2015-10-09
5.0
None Remote Low Not required None None Partial
The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.
22 CVE-2015-6302 399 2015-09-25 2015-09-28
5.0
None Remote Low Not required None None Partial
The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.
23 CVE-2015-6301 399 DoS 2015-09-20 2015-09-21
5.0
None Remote Low Not required None None Partial
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
24 CVE-2015-6297 399 DoS 2015-09-18 2015-09-21
5.0
None Remote Low Not required None None Partial
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
25 CVE-2015-6288 399 DoS 2015-09-13 2015-09-14
5.0
None Remote Low Not required None None Partial
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.
26 CVE-2015-6287 399 DoS 2015-09-13 2015-09-14
5.0
None Remote Low Not required None None Partial
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.
27 CVE-2015-6286 399 DoS 2015-09-13 2015-09-14
5.7
None Local Network Medium Not required None None Complete
Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.
28 CVE-2015-6276 200 +Info 2015-09-04 2015-09-08
5.0
None Remote Low Not required Partial None None
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.
29 CVE-2015-6274 119 DoS Overflow 2015-09-02 2015-09-03
5.0
None Remote Low Not required None None Partial
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.
30 CVE-2015-6266 287 +Info 2015-08-28 2015-08-31
5.0
None Remote Low Not required Partial None None
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
31 CVE-2015-6258 20 2015-08-22 2015-08-24
5.0
None Remote Low Not required Partial None None
The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.
32 CVE-2015-6256 20 DoS 2015-08-22 2015-08-24
5.0
None Remote Low Not required None None Partial
Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.
33 CVE-2015-4322 264 2015-08-19 2015-08-20
5.5
None Remote Low Single system Partial Partial None
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
34 CVE-2015-4321 20 Bypass 2015-08-20 2015-08-21
5.0
None Remote Low Not required Partial None None
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724.
35 CVE-2015-4319 255 2015-08-20 2015-08-20
5.5
None Remote Low Single system None Partial Partial
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.
36 CVE-2015-4318 399 DoS 2015-08-20 2015-08-20
5.0
None Remote Low Not required None None Partial
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528.
37 CVE-2015-4317 399 DoS 2015-08-19 2015-08-20
5.0
None Remote Low Not required None None Partial
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469.
38 CVE-2015-4316 20 2015-08-20 2015-08-20
5.5
None Remote Low Single system Partial None Partial
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.
39 CVE-2015-4315 20 DoS 2015-08-19 2015-08-20
5.5
None Remote Low Single system Partial None Partial
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
40 CVE-2015-4299 284 2015-08-19 2015-08-20
5.5
None Remote Low Single system None Partial Partial
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.
41 CVE-2015-4297 2015-08-19 2015-08-20
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.
42 CVE-2015-4296 399 DoS 2015-08-19 2015-08-20
5.0
None Remote Low Not required None None Partial
Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006.
43 CVE-2015-4293 399 DoS 2015-07-30 2015-08-21
5.0
None Remote Low Not required None None Partial
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.
44 CVE-2015-4287 264 Bypass +Info 2015-07-28 2015-07-29
5.0
None Remote Low Not required Partial None None
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
45 CVE-2015-4286 20 2015-07-29 2015-09-03
5.0
None Remote Low Not required Partial None None
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
46 CVE-2015-4285 399 DoS 2015-07-23 2015-09-03
5.0
None Remote Low Not required None None Partial
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.
47 CVE-2015-4284 20 DoS 2015-07-22 2015-07-22
5.0
None Remote Low Not required None None Partial
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.
48 CVE-2015-4280 399 DoS 2015-07-18 2015-07-21
5.0
None Remote Low Not required None None Partial
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844.
49 CVE-2015-4275 399 DoS 2015-07-16 2015-07-17
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534.
50 CVE-2015-4273 20 DoS 2015-07-15 2015-07-17
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476.
Total number of vulnerabilities : 542   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.