CVEdetails.com the ultimate security vulnerability data source

Cisco : Security Vulnerabilities (Execute Code)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2015-6435 | 78 | | Exec Code | 2016-01-22 | 2016-01-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
2 | CVE-2015-6433 | 89 | | Exec Code Sql | 2016-01-07 | 2016-01-08 | 4.0 | None | Remote | Low | Single system | None | Partial | None
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
3 | CVE-2015-6426 | 20 | | Exec Code Bypass | 2015-12-18 | 2015-12-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.
4 | CVE-2015-6385 | 20 | | Exec Code | 2015-12-01 | 2015-12-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
5 | CVE-2015-6380 | 78 | | Exec Code | 2015-11-23 | 2015-11-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
6 | CVE-2015-6370 | 78 | | Exec Code | 2015-11-18 | 2015-11-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
7 | CVE-2015-6361 | 20 | | Exec Code | 2015-12-12 | 2015-12-14 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
8 | CVE-2015-6357 | 20 | | Exec Code | 2015-11-18 | 2015-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
9 | CVE-2015-6350 | 89 | | Exec Code Sql | 2015-10-30 | 2015-10-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
10 | CVE-2015-6345 | 89 | | Exec Code Sql | 2015-10-30 | 2015-10-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
11 | CVE-2015-6335 | 264 | | Exec Code Bypass | 2015-10-24 | 2015-10-26 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.
12 | CVE-2015-6331 | 89 | | Exec Code Sql | 2015-10-12 | 2015-10-13 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.
13 | CVE-2015-6329 | 89 | | Exec Code Sql | 2015-10-12 | 2015-10-13 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
14 | CVE-2015-6299 | 89 | | Exec Code Sql | 2015-09-20 | 2015-09-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
15 | CVE-2015-4330 | 78 | | Exec Code +Priv | 2015-09-02 | 2015-09-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
16 | CVE-2015-4329 | 20 | | Exec Code | 2015-08-20 | 2015-08-20 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
17 | CVE-2015-4328 | 20 | | Exec Code | 2015-08-19 | 2015-08-20 | 4.0 | None | Remote | Low | Single system | None | Partial | None
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552.
18 | CVE-2015-4303 | 264 | | Exec Code | 2015-08-20 | 2015-08-20 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
19 | CVE-2015-4276 | 20 | | Exec Code | 2015-07-16 | 2015-07-17 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138.
20 | CVE-2015-4244 | 78 | | Exec Code | 2015-07-10 | 2015-07-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
21 | CVE-2015-4237 | 78 | | Exec Code | 2015-07-03 | 2015-07-10 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
22 | CVE-2015-4233 | 89 | | Exec Code Sql | 2015-07-02 | 2015-07-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037.
23 | CVE-2015-4232 | 264 | | Exec Code | 2015-07-03 | 2015-07-08 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
24 | CVE-2015-4224 | 78 | | Exec Code | 2015-06-26 | 2015-06-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.
25 | CVE-2015-4222 | 89 | | Exec Code Sql | 2015-06-26 | 2015-06-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.
26 | CVE-2015-4221 | 264 | | Exec Code | 2015-06-26 | 2015-06-26 | 4.0 | None | Remote | Low | Single system | Partial | None | None
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
27 | CVE-2015-4188 | 89 | | Exec Code Sql | 2015-06-17 | 2015-06-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
28 | CVE-2015-4186 | 78 | | Exec Code +Priv | 2015-06-17 | 2015-06-17 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
29 | CVE-2015-4183 | 78 | | Exec Code +Priv | 2015-06-17 | 2015-06-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
30 | CVE-2015-0768 | 264 | | Exec Code Bypass | 2015-06-12 | 2015-06-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.
31 | CVE-2015-0753 | 20 | | Exec Code Sql | 2015-05-29 | 2015-06-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.
32 | CVE-2015-0750 | 264 | | Exec Code | 2015-05-22 | 2015-05-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.
33 | CVE-2015-0715 | 89 | | Exec Code Sql | 2015-05-06 | 2015-09-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.
34 | CVE-2015-0713 | 264 | | Exec Code | 2015-05-24 | 2015-05-26 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
35 | CVE-2015-0702 | | | Exec Code | 2015-04-20 | 2015-04-21 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
36 | CVE-2015-0701 | 20 | | Exec Code | 2015-05-06 | 2015-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
37 | CVE-2015-0699 | 89 | | Exec Code Sql | 2015-04-15 | 2015-04-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
38 | CVE-2015-0693 | 20 | | Exec Code +Priv | 2015-04-15 | 2015-04-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.
39 | CVE-2015-0692 | 264 | | Exec Code +Priv | 2015-04-10 | 2015-04-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.
40 | CVE-2015-0691 | 264 | | Exec Code | 2015-04-16 | 2015-04-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
41 | CVE-2015-0684 | 89 | | Exec Code Sql | 2015-04-03 | 2015-09-29 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
42 | CVE-2015-0682 | 264 | | Exec Code | 2015-04-03 | 2015-10-27 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
43 | CVE-2015-0660 | 284 | | Exec Code | 2015-03-13 | 2015-10-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
44 | CVE-2015-0658 | 20 | | Exec Code | 2015-03-27 | 2015-10-22 | 7.9 | None | Local Network | Medium | Not required | Complete | Complete | Complete
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
45 | CVE-2015-0644 | 20 | | DoS Exec Code | 2015-03-26 | 2015-09-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete
AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622.
46 | CVE-2015-0589 | 20 | | Exec Code | 2015-02-07 | 2015-11-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.
47 | CVE-2015-0584 | 20 | | Exec Code | 2015-02-19 | 2015-11-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947.
48 | CVE-2015-0580 | 89 | | Exec Code Sql | 2015-02-11 | 2015-10-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
49 | CVE-2014-8010 | 20 | | Exec Code | 2014-12-10 | 2014-12-18 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.
50 | CVE-2014-8002 | 119 | | Exec Code Overflow | 2014-11-25 | 2014-11-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Total number of vulnerabilities: 290 (this is page 1 of 6)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.