CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-0680 200 +Info 2015-03-27 2015-03-30
4.0
None Remote Low Single system Partial None None
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
2 CVE-2015-0673 200 +Info 2015-03-26 2015-03-30
4.0
None Remote Low Single system Partial None None
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
3 CVE-2015-0628 200 Bypass +Info 2015-02-19 2015-02-20
5.0
None Remote Low Not required Partial None None
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.
4 CVE-2015-0602 200 +Info 2015-02-07 2015-02-13
5.0
None Remote Low Not required Partial None None
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117.
5 CVE-2015-0597 200 +Info 2015-02-01 2015-02-11
5.0
None Remote Low Not required Partial None None
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.
6 CVE-2015-0595 200 +Info 2015-02-01 2015-02-11
5.0
None Remote Low Not required Partial None None
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.
7 CVE-2015-0590 200 +Info 2015-01-17 2015-02-11
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.
8 CVE-2015-0583 200 +Info 2015-01-14 2015-02-05
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.
9 CVE-2014-8035 200 +Info 2015-01-09 2015-01-12
5.0
None Remote Low Not required Partial None None
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.
10 CVE-2014-8032 200 +Info 2015-01-08 2015-02-10
4.0
None Remote Low Single system Partial None None
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
11 CVE-2014-8025 200 +Info 2014-12-22 2014-12-23
4.3
None Remote Medium Not required Partial None None
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
12 CVE-2014-8024 200 +Info 2014-12-22 2014-12-23
4.3
None Remote Medium Not required Partial None None
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.
13 CVE-2014-8017 200 +Info 2014-12-22 2014-12-23
5.0
None Remote Low Not required Partial None None
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
14 CVE-2014-8009 200 +Info 2014-12-10 2015-01-23
5.0
None Remote Low Not required Partial None None
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239.
15 CVE-2014-8008 200 +Info 2015-01-22 2015-02-10
6.8
None Remote Low Single system Complete None None
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
16 CVE-2014-8007 200 +Info 2014-12-19 2014-12-22
4.0
None Remote Low Single system Partial None None
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
17 CVE-2014-7993 200 +Info 2014-12-23 2014-12-24
3.3
None Local Network Low Not required Partial None None
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.
18 CVE-2014-7992 200 +Info 2014-11-17 2014-12-30
5.0
None Remote Low Not required Partial None None
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
19 CVE-2014-7988 200 +Info 2014-11-07 2014-12-02
4.0
None Remote Low Single system Partial None None
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.
20 CVE-2014-5868 310 +Info 2014-09-11 2014-09-21
5.4
None Local Network Medium Not required Partial Partial Partial
The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
21 CVE-2014-3410 200 +Info 2014-12-19 2014-12-22
4.3
None Remote Medium Not required Partial None None
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
22 CVE-2014-3400 200 +Info 2014-10-04 2014-10-06
4.0
None Remote Low Single system Partial None None
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
23 CVE-2014-3398 200 +Info 2014-10-04 2014-10-06
5.0
None Remote Low Not required Partial None None
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
24 CVE-2014-3392 20 +Info 2014-10-10 2014-10-13
8.3
None Remote Medium Not required Partial Partial Complete
The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.
25 CVE-2014-3352 20 +Info 2014-08-30 2014-09-02
4.3
None Remote Medium Not required Partial None None
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.
26 CVE-2014-3351 200 +Info 2014-08-29 2014-08-29
5.0
None Remote Low Not required Partial None None
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
27 CVE-2014-3350 264 +Info 2014-08-29 2014-08-29
4.0
None Remote Low Single system Partial None None
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.
28 CVE-2014-3342 +Info 2014-09-11 2014-09-12
4.0
None Remote Low Single system Partial None None
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
29 CVE-2014-3341 200 +Info 2014-08-19 2014-08-19
5.0
None Remote Low Not required Partial None None
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
30 CVE-2014-3304 200 +Info 2014-07-28 2014-07-29
5.0
None Remote Low Not required Partial None None
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
31 CVE-2014-3303 200 +Info 2014-07-28 2014-07-29
4.0
None Remote Low Single system Partial None None
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.
32 CVE-2014-3302 310 +Info 2014-08-01 2014-08-01
5.8
None Remote Medium Not required Partial Partial None
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
33 CVE-2014-3301 200 +Info 2014-07-26 2014-07-28
5.0
None Remote Low Not required Partial None None
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
34 CVE-2014-3298 255 +Info 2014-07-02 2014-07-24
4.0
None Remote Low Single system Partial None None
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.
35 CVE-2014-3297 264 +Info 2014-07-02 2014-07-24
4.0
None Remote Low Single system Partial None None
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.
36 CVE-2014-3296 200 +Info 2014-06-21 2014-06-23
4.0
None Remote Low Single system Partial None None
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.
37 CVE-2014-3294 264 +Info 2014-06-10 2014-06-18
4.0
None Remote Low Single system Partial None None
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.
38 CVE-2014-3290 264 +Info 2014-06-14 2014-06-26
4.8
None Local Network Low Not required Partial Partial None
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.
39 CVE-2014-3286 264 +Info 2014-06-08 2014-06-18
5.0
None Remote Low Not required Partial None None
The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.
40 CVE-2014-3282 264 +Info 2014-05-29 2014-06-13
4.0
None Remote Low Single system Partial None None
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.
41 CVE-2014-3281 264 +Info 2014-06-08 2014-07-17
5.0
None Remote Low Not required Partial None None
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.
42 CVE-2014-3280 264 +Info 2014-06-03 2014-06-13
4.0
None Remote Low Single system Partial None None
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.
43 CVE-2014-3277 287 +Info 2014-05-29 2014-06-13
4.0
None Remote Low Single system Partial None None
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
44 CVE-2014-3274 310 +Info 2014-05-25 2014-06-13
4.3
None Remote Medium Not required Partial None None
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.
45 CVE-2014-2199 200 +Info 2014-05-20 2014-06-18
5.0
None Remote Low Not required Partial None None
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
46 CVE-2014-2185 200 +Info 2014-04-29 2014-04-29
4.0
None Remote Low Single system Partial None None
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
47 CVE-2014-2184 20 +Info 2014-04-29 2014-04-29
5.0
None Remote Low Not required Partial None None
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
48 CVE-2014-2151 20 +Info 2014-06-18 2014-06-21
4.0
None Remote Low Single system Partial None None
The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.
49 CVE-2014-2102 264 +Info 2014-02-26 2014-02-27
4.0
None Remote Low Single system Partial None None
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
50 CVE-2014-0746 200 +Info 2014-02-26 2014-03-10
4.0
None Remote Low Single system Partial None None
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
Total number of vulnerabilities : 156   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.