CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3362 399 DoS 2014-09-11 2014-09-12
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677.
2 CVE-2014-3353 399 DoS 2014-09-04 2014-09-13
7.1
None Remote Medium Not required None None Complete
Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.
3 CVE-2014-3327 20 DoS 2014-08-11 2014-08-12
7.8
None Remote Low Not required None None Complete
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101.
4 CVE-2014-3300 264 2014-07-07 2014-07-07
7.5
None Remote Low Not required Partial Partial Partial
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.
5 CVE-2014-3261 119 Exec Code Overflow 2014-05-25 2014-05-30
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
6 CVE-2014-2201 DoS 2014-05-25 2014-05-27
7.8
None Remote Low Not required None None Complete
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.
7 CVE-2014-2200 264 +Priv 2014-05-25 2014-05-27
7.1
None Remote High Single system Complete Complete Complete
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
8 CVE-2014-2176 DoS 2014-06-14 2014-06-26
7.1
None Remote Medium Not required None None Complete
Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.
9 CVE-2014-2175 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.
10 CVE-2014-2173 264 +Priv 2014-05-02 2014-05-02
7.2
None Local Low Not required Complete Complete Complete
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.
11 CVE-2014-2168 119 Exec Code Overflow 2014-05-02 2014-05-02
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.
12 CVE-2014-2167 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.
13 CVE-2014-2166 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.
14 CVE-2014-2165 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.
15 CVE-2014-2164 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.
16 CVE-2014-2163 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961.
17 CVE-2014-2162 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.
18 CVE-2014-2161 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.
19 CVE-2014-2160 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.
20 CVE-2014-2159 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.
21 CVE-2014-2158 20 DoS 2014-05-02 2014-05-02
7.8
None Remote Low Not required None None Complete
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.
22 CVE-2014-2157 20 DoS 2014-05-02 2014-05-02
7.1
None Remote Medium Not required None None Complete
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.
23 CVE-2014-2156 20 DoS 2014-05-02 2014-05-02
7.1
None Remote Medium Not required None None Complete
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.
24 CVE-2014-2132 119 DoS Overflow 2014-05-08 2014-05-08
7.8
None Remote Low Not required None None Complete
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768.
25 CVE-2014-2129 20 DoS 2014-04-10 2014-04-10
7.1
None Remote Medium Not required None None Complete
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
26 CVE-2014-2124 399 DoS 2014-03-20 2014-04-01
7.1
None Remote Medium Not required None None Complete
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.
27 CVE-2014-2113 20 DoS 2014-03-27 2014-03-28
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.
28 CVE-2014-2112 20 DoS 2014-03-27 2014-03-28
7.8
None Remote Low Not required None None Complete
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.
29 CVE-2014-2111 20 DoS 2014-03-27 2014-03-28
7.1
None Remote Medium Not required None None Complete
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.
30 CVE-2014-2109 20 DoS 2014-03-27 2014-03-28
7.8
None Remote Low Not required None None Complete
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
31 CVE-2014-2108 20 DoS 2014-03-27 2014-03-28
7.8
None Remote Low Not required None None Complete
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
32 CVE-2014-2107 20 DoS 2014-03-27 2014-03-28
7.1
None Remote Medium Not required None None Complete
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.
33 CVE-2014-2106 20 DoS 2014-03-27 2014-03-28
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
34 CVE-2014-0734 89 Exec Code Sql 2014-02-20 2014-02-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
35 CVE-2014-0729 89 Exec Code Sql 2014-02-13 2014-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
36 CVE-2014-0728 89 Exec Code Sql 2014-02-13 2014-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
37 CVE-2014-0727 89 Exec Code Sql 2014-02-13 2014-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
38 CVE-2014-0726 89 Exec Code Sql 2014-02-13 2014-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
39 CVE-2014-0720 20 DoS 2014-02-22 2014-03-05
7.1
None Remote Medium Not required None None Complete
Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.
40 CVE-2014-0719 264 DoS 2014-02-22 2014-03-05
7.8
None Remote Low Not required None None Complete
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.
41 CVE-2014-0718 20 DoS 2014-02-22 2014-03-05
7.1
None Remote Medium Not required None None Complete
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.
42 CVE-2014-0710 362 DoS 2014-02-22 2014-02-24
7.1
None Remote Medium Not required None None Complete
Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.
43 CVE-2014-0707 399 DoS 2014-03-06 2014-03-07
7.8
None Remote Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.
44 CVE-2014-0706 399 DoS 2014-03-06 2014-03-07
7.8
None Remote Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
45 CVE-2014-0705 399 DoS 2014-03-06 2014-03-07
7.1
None Remote Medium Not required None None Complete
The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.
46 CVE-2014-0704 399 DoS 2014-03-06 2014-03-07
7.1
None Remote Medium Not required None None Complete
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.
47 CVE-2014-0701 399 DoS 2014-03-06 2014-03-07
7.8
None Remote Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.
48 CVE-2014-0662 20 DoS 2014-01-22 2014-01-31
7.1
None Remote Medium Not required None None Complete
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.
49 CVE-2014-0660 20 DoS 2014-01-22 2014-01-31
7.1
None Remote Medium Not required None None Complete
Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.
50 CVE-2013-6704 399 DoS 2013-12-03 2014-01-13
7.1
None Remote Medium Not required None None Complete
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.
Total number of vulnerabilities : 645   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.