CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-6369 264 +Priv 2016-08-25 2016-08-26
7.2
None Local Low Not required Complete Complete Complete
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
2 CVE-2016-6362 264 +Priv 2016-08-22 2016-08-22
7.2
None Local Low Not required Complete Complete Complete
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
3 CVE-2016-6355 399 DoS 2016-08-22 2016-08-23
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.
4 CVE-2016-4349 +Priv 2016-04-28 2016-05-03
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
5 CVE-2016-1479 20 DoS Mem. Corr. 2016-08-22 2016-08-22
7.8
None Remote Low Not required None None Complete
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
6 CVE-2016-1478 20 DoS 2016-08-07 2016-08-11
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.
7 CVE-2016-1466 399 DoS 2016-08-07 2016-08-11
7.8
None Remote Low Not required None None Complete
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072.
8 CVE-2016-1456 264 Exec Code 2016-07-15 2016-07-18
7.2
None Local Low Not required Complete Complete Complete
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.
9 CVE-2016-1429 22 Dir. Trav. 2016-08-07 2016-08-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.
10 CVE-2016-1426 399 DoS 2016-07-15 2016-07-18
7.8
None Remote Low Not required None None Complete
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.
11 CVE-2016-1420 2016-06-09 2016-06-10
7.2
None Local Low Not required Complete Complete Complete
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
12 CVE-2016-1418 20 2016-06-08 2016-06-15
7.2
None Local Low Not required Complete Complete Complete
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.
13 CVE-2016-1403 20 Exec Code +Priv 2016-06-04 2016-06-07
7.2
None Local Low Not required Complete Complete Complete
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
14 CVE-2016-1394 264 2016-07-02 2016-07-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
15 CVE-2016-1390 20 2016-06-03 2016-08-03
7.2
None Local Low Not required Complete Complete Complete
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
16 CVE-2016-1388 77 Exec Code 2016-06-02 2016-06-16
7.5
None Remote Low Not required Partial Partial Partial
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
17 CVE-2016-1383 399 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.
18 CVE-2016-1382 20 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.
19 CVE-2016-1381 399 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.
20 CVE-2016-1380 20 DoS 2016-05-24 2016-05-25
7.8
None Remote Low Not required None None Complete
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.
21 CVE-2016-1369 399 DoS 2016-05-05 2016-05-09
7.8
None Remote Low Not required None None Complete
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.
22 CVE-2016-1368 399 DoS 2016-05-05 2016-05-09
7.8
None Remote Low Not required None None Complete
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.
23 CVE-2016-1367 399 DoS 2016-04-21 2016-04-26
7.8
None Remote Low Not required None None Complete
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248.
24 CVE-2016-1364 20 DoS 2016-04-21 2016-04-26
7.8
None Remote Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.
25 CVE-2016-1362 399 DoS 2016-04-21 2016-04-28
7.8
None Remote Low Not required None None Complete
Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747.
26 CVE-2016-1352 78 Exec Code 2016-04-13 2016-04-18
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
27 CVE-2016-1351 20 DoS 2016-03-25 2016-03-28
7.8
None Remote Low Not required None None Complete
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.
28 CVE-2016-1350 399 DoS 2016-03-25 2016-03-28
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
29 CVE-2016-1349 399 DoS 2016-03-25 2016-03-28
7.8
None Remote Low Not required None None Complete
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
30 CVE-2016-1348 399 DoS 2016-03-25 2016-03-28
7.8
None Remote Low Not required None None Complete
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
31 CVE-2016-1347 399 DoS 2016-03-24 2016-03-25
7.8
None Remote Low Not required None None Complete
The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.
32 CVE-2016-1346 399 DoS 2016-04-06 2016-04-07
7.1
None Remote Medium Not required None None Complete
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
33 CVE-2016-1344 399 DoS 2016-03-25 2016-03-28
7.1
None Remote Medium Not required None None Complete
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
34 CVE-2016-1340 119 Overflow +Priv 2016-04-15 2016-07-29
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.
35 CVE-2016-1339 78 +Priv 2016-04-15 2016-07-29
7.2
None Local Low Not required Complete Complete Complete
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
36 CVE-2016-1336 20 DoS 2016-07-03 2016-07-05
7.8
None Remote Low Not required None None Complete
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
37 CVE-2016-1335 264 +Priv 2016-02-19 2016-08-04
7.1
None Remote High Single system Complete Complete Complete
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
38 CVE-2016-1328 20 DoS 2016-07-03 2016-07-05
7.8
None Remote Low Not required None None Complete
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
39 CVE-2016-1326 399 DoS 2016-03-09 2016-03-14
7.8
None Remote Low Not required None None Complete
The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.
40 CVE-2016-1325 200 +Info 2016-03-09 2016-03-14
7.8
None Remote Low Not required Complete None None
The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.
41 CVE-2016-1312 119 DoS Overflow 2016-03-09 2016-03-16
7.8
None Remote Low Not required None None Complete
The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147.
42 CVE-2016-1303 20 DoS 2016-01-30 2016-02-24
7.8
None Remote Low Not required None None Complete
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
43 CVE-2015-7600 264 +Priv 2015-10-06 2015-10-07
7.2
None Local Low Not required Complete Complete Complete
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
44 CVE-2015-6426 20 Exec Code Bypass 2015-12-18 2015-12-18
7.2
None Local Low Not required Complete Complete Complete
Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.
45 CVE-2015-6424 255 Bypass 2015-12-18 2015-12-18
7.2
None Local Low Not required Complete Complete Complete
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
46 CVE-2015-6421 399 DoS 2016-01-27 2016-02-08
7.8
None Remote Low Not required None None Complete
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
47 CVE-2015-6415 399 DoS 2015-12-12 2015-12-14
7.1
None Remote Medium Not required None None Complete
Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757.
48 CVE-2015-6403 20 2015-12-15 2015-12-15
7.2
None Local Low Not required Complete Complete Complete
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
49 CVE-2015-6401 287 Bypass 2015-12-13 2015-12-14
7.5
None Remote Low Not required Partial Partial Partial
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
50 CVE-2015-6398 399 DoS 2016-02-07 2016-03-10
7.8
None Remote Low Not required None None Complete
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.
Total number of vulnerabilities : 830   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.