CVEdetails.com the ultimate security vulnerability data source

Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2014-2143 DoS 2014-04-04 2014-04-04
5.0
None Remote Low Not required None None Partial
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.
2 CVE-2014-2142 DoS 2014-04-12 2014-04-14
5.0
None Remote Low Not required None None Partial
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
3 CVE-2014-2140 DoS 2014-04-12 2014-04-14
5.0
None Remote Low Not required None None Partial
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.
4 CVE-2014-2139 DoS 2014-04-12 2014-04-14
5.0
None Remote Low Not required None None Partial
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.
5 CVE-2014-2128 287 Bypass 2014-04-10 2014-04-10
5.0
None Remote Low Not required Partial None None
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.
6 CVE-2014-2122 20 DoS 2014-03-18 2014-04-01
5.0
None Remote Low Not required None None Partial
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999.
7 CVE-2014-2121 20 DoS 2014-03-18 2014-04-01
5.0
None Remote Low Not required None None Partial
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.
8 CVE-2014-0743 287 Bypass 2014-02-26 2014-03-10
5.0
None Remote Low Not required None Partial None
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
9 CVE-2014-0733 287 2014-02-20 2014-02-20
5.0
None Remote Low Not required Partial None None
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
10 CVE-2014-0732 287 2014-02-20 2014-02-20
5.0
None Remote Low Not required Partial None None
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
11 CVE-2014-0731 264 Bypass 2014-02-22 2014-03-05
5.0
None Remote Low Not required Partial None None
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
12 CVE-2014-0725 287 +Info 2014-02-13 2014-02-13
5.0
None Remote Low Not required Partial None None
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
13 CVE-2014-0722 287 DoS 2014-02-13 2014-02-13
5.0
None Remote Low Not required None None Partial
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
14 CVE-2014-0708 200 +Info 2014-03-20 2014-03-24
5.0
None Remote Low Not required Partial None None
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.
15 CVE-2014-0694 255 2014-03-14 2014-03-14
5.0
None Remote Low Not required Partial None None
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.
16 CVE-2014-0678 264 +Priv 2014-01-25 2014-02-06
5.5
None Remote Low Single system Partial Partial None
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
17 CVE-2014-0677 20 DoS 2014-01-22 2014-01-31
5.0
None Remote Low Not required None None Partial
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
18 CVE-2014-0671 20 2014-01-22 2014-01-31
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.
19 CVE-2014-0669 264 Bypass 2014-01-22 2014-01-31
5.0
None Remote Low Not required None Partial None
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.
20 CVE-2014-0658 20 DoS 2014-01-10 2014-01-17
5.4
None Remote High Not required None None Complete
Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.
21 CVE-2013-7030 310 1 +Info 2013-12-12 2013-12-19
5.0
None Remote Low Not required Partial None None
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
22 CVE-2013-6981 20 DoS 2013-12-27 2014-01-03
5.4
None Remote High Not required None None Complete
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
23 CVE-2013-6979 287 Bypass 2013-12-23 2014-01-03
5.4
None Remote High Not required Complete None None
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
24 CVE-2013-6972 200 Bypass +Info 2013-12-14 2014-01-13
5.0
None Remote Low Not required Partial None None
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.
25 CVE-2013-6971 20 2013-12-14 2014-01-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.
26 CVE-2013-6970 200 +Info 2013-12-14 2013-12-16
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.
27 CVE-2013-6968 200 +Info 2013-12-14 2014-01-13
5.0
None Remote Low Not required Partial None None
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
28 CVE-2013-6967 20 2013-12-14 2014-01-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020.
29 CVE-2013-6966 20 2013-12-16 2014-01-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
30 CVE-2013-6965 264 Bypass 2013-12-14 2014-01-13
5.0
None Remote Low Not required Partial None None
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
31 CVE-2013-6959 20 2013-12-14 2014-01-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.
32 CVE-2013-6709 200 Bypass +Info 2013-12-14 2014-01-13
5.0
None Remote Low Not required Partial None None
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
33 CVE-2013-6708 264 2013-12-10 2013-12-13
5.0
None Remote Low Not required Partial None None
Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.
34 CVE-2013-6706 20 DoS 2013-11-28 2013-12-13
5.4
None Remote High Not required None None Complete
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
35 CVE-2013-6701 20 DoS 2013-12-18 2014-01-13
5.0
None Remote Low Not required None None Partial
The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155.
36 CVE-2013-6700 20 DoS 2013-11-28 2013-11-29
5.0
None Remote Low Not required None None Partial
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
37 CVE-2013-6699 119 DoS Overflow 2013-11-22 2014-02-27
5.0
None Remote Low Not required None None Partial
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
38 CVE-2013-6693 119 DoS Overflow 2013-11-21 2013-11-22
5.4
None Remote High Not required None None Complete
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.
39 CVE-2013-5566 119 DoS Overflow 2013-11-07 2013-11-14
5.0
None Remote Low Not required None None Partial
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.
40 CVE-2013-5564 119 DoS Overflow 2013-11-04 2013-11-06
5.0
None Remote Low Not required None None Partial
The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345.
41 CVE-2013-5562 119 DoS Overflow 2013-11-06 2013-11-06
5.0
None Remote Low Not required None None Partial
The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313.
42 CVE-2013-5561 20 Bypass 2013-11-04 2013-11-15
5.0
None Remote Low Not required Partial None None
The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622.
43 CVE-2013-5560 20 DoS 2013-11-13 2013-11-14
5.4
None Remote High Not required None None Complete
The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342.
44 CVE-2013-5544 399 DoS 2013-10-22 2013-10-22
5.4
None Remote High Not required None None Complete
The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108.
45 CVE-2013-5538 264 2013-10-16 2013-10-16
5.0
None Remote Low Not required Partial None None
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
46 CVE-2013-5536 20 DoS 2013-10-24 2013-10-24
5.0
None Remote Low Not required None None Partial
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521.
47 CVE-2013-5532 20 DoS Overflow 2013-10-10 2013-10-23
5.0
None Remote Low Not required None None Partial
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.
48 CVE-2013-5531 287 Bypass 2013-10-24 2013-10-25
5.0
None Remote Low Not required Partial None None
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
49 CVE-2013-5527 20 DoS 2013-10-10 2013-10-23
5.7
None Local Network Medium Not required None None Complete
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.
50 CVE-2013-5521 264 DoS 2013-10-24 2013-10-25
5.0
None Remote Low Not required None None Partial
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
Total number of vulnerabilities: 365 (page 1 of 8)