CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1295 200 +Info 2016-01-16 2016-01-21
5.0
None Remote Low Not required Partial None None
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
2 CVE-2015-6428 200 +Info 2015-12-18 2015-12-18
5.0
None Remote Low Not required Partial None None
Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.
3 CVE-2015-6419 200 +Info 2015-12-12 2015-12-14
6.8
None Remote Low Single system Complete None None
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
4 CVE-2015-6418 200 +Info 2015-12-12 2015-12-14
4.3
None Remote Medium Not required Partial None None
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
5 CVE-2015-6414 200 +Info 2015-12-12 2015-12-14
2.1
None Local Low Not required Partial None None
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516.
6 CVE-2015-6411 200 +Info 2015-12-15 2015-12-15
5.0
None Remote Low Not required Partial None None
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.
7 CVE-2015-6409 200 +Info 2015-12-26 2015-12-28
4.3
None Remote Medium Not required Partial None None
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
8 CVE-2015-6404 200 +Info 2015-12-15 2015-12-15
4.0
None Remote Low Single system Partial None None
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.
9 CVE-2015-6375 200 +Info 2015-11-21 2015-11-23
2.1
None Local Low Not required Partial None None
The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.
10 CVE-2015-6371 200 +Info 2015-11-18 2015-11-19
4.0
None Remote Low Single system Partial None None
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621.
11 CVE-2015-6368 200 +Info 2015-11-18 2015-11-19
5.0
None Remote Low Not required Partial None None
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
12 CVE-2015-6364 200 +Info 2015-11-13 2015-11-16
5.0
None Remote Low Not required Partial None None
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.
13 CVE-2015-6355 200 +Info 2015-11-03 2015-11-12
5.0
None Remote Low Not required Partial None None
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
14 CVE-2015-6352 200 +Info 2015-10-30 2015-10-30
4.3
None Remote Medium Not required Partial None None
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.
15 CVE-2015-6344 200 Bypass +Info 2015-10-30 2015-10-30
4.0
None Remote Low Single system Partial None None
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.
16 CVE-2015-6328 200 Bypass +Info 2015-10-12 2015-10-13
6.8
None Remote Low Single system Complete None None
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.
17 CVE-2015-6303 200 +Info 2015-09-24 2015-09-24
4.3
None Remote Medium Not required Partial None None
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.
18 CVE-2015-6276 200 +Info 2015-09-04 2015-09-08
5.0
None Remote Low Not required Partial None None
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.
19 CVE-2015-6266 287 +Info 2015-08-28 2015-08-31
5.0
None Remote Low Not required Partial None None
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
20 CVE-2015-6261 200 Bypass +Info 2015-08-26 2015-08-26
4.0
None Remote Low Single system Partial None None
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
21 CVE-2015-4320 200 +Info 2015-08-19 2015-08-20
4.0
None Remote Low Single system Partial None None
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.
22 CVE-2015-4314 200 +Info 2015-08-19 2015-08-20
4.0
None Remote Low Single system Partial None None
The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422.
23 CVE-2015-4308 200 +Info 2015-08-19 2015-08-20
6.8
None Remote Low Single system Complete None None
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968.
24 CVE-2015-4295 200 +Info 2015-07-31 2015-08-21
4.0
None Remote Low Single system Partial None None
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
25 CVE-2015-4288 310 +Info 2015-07-28 2015-07-29
4.3
None Remote Medium Not required None Partial None
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.
26 CVE-2015-4287 264 Bypass +Info 2015-07-28 2015-07-29
5.0
None Remote Low Not required Partial None None
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
27 CVE-2015-4263 200 +Info 2015-07-10 2015-07-13
4.0
None Remote Low Single system Partial None None
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
28 CVE-2015-4229 200 +Info 2015-06-30 2015-06-30
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
29 CVE-2015-4225 264 +Info 2015-06-27 2015-06-29
4.0
None Remote Low Single system Partial None None
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.
30 CVE-2015-4219 200 +Info 2015-06-24 2015-06-24
4.0
None Remote Low Single system Partial None None
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
31 CVE-2015-4218 200 +Info 2015-06-24 2015-06-24
5.0
None Remote Low Not required Partial None None
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
32 CVE-2015-4216 200 Bypass +Info 2015-06-26 2015-06-26
5.0
None Remote Low Not required Partial None None
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
33 CVE-2015-4214 200 +Info 2015-06-24 2015-06-24
4.0
None Remote Low Single system Partial None None
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.
34 CVE-2015-4213 200 +Info 2015-06-24 2015-06-24
4.0
None Remote Low Single system Partial None None
Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
35 CVE-2015-4212 200 +Info 2015-06-24 2015-06-24
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
36 CVE-2015-4209 200 +Info 2015-06-23 2015-06-23
6.4
None Remote Low Not required Partial None Partial
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
37 CVE-2015-4208 89 Sql +Info 2015-06-24 2015-06-24
7.5
None Remote Low Not required Partial Partial Partial
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
38 CVE-2015-4207 200 Bypass +Info 2015-06-23 2015-06-23
5.0
None Remote Low Not required Partial None None
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
39 CVE-2015-4202 200 +Info 2015-06-20 2015-06-22
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.
40 CVE-2015-4194 200 +Info 2015-06-18 2015-06-19
5.0
None Remote Low Not required Partial None None
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
41 CVE-2015-4182 264 Bypass +Info 2015-06-12 2015-06-15
5.5
None Remote Low Single system Partial Partial None
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
42 CVE-2015-0764 200 +Info 2015-06-04 2015-06-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
43 CVE-2015-0763 200 +Info 2015-06-04 2015-06-04
5.0
None Remote Low Not required Partial None None
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
44 CVE-2015-0758 200 +Info 2015-05-30 2015-06-02
4.0
None Remote Low Single system Partial None None
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
45 CVE-2015-0757 200 +Info 2015-05-29 2015-06-02
5.0
None Remote Low Not required Partial None None
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
46 CVE-2015-0754 20 DoS +Info 2015-05-29 2015-06-02
7.5
None Remote Low Single system Partial None Complete
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
47 CVE-2015-0745 200 +Info 2015-05-30 2015-06-02
5.0
None Remote Low Not required Partial None None
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
48 CVE-2015-0683 200 +Info File Inclusion 2015-04-03 2015-09-29
4.0
None Remote Low Single system Partial None None
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
49 CVE-2015-0680 200 +Info 2015-03-27 2015-11-30
4.0
None Remote Low Single system Partial None None
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
50 CVE-2015-0673 200 +Info 2015-03-26 2015-09-04
4.0
None Remote Low Single system Partial None None
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
Total number of vulnerabilities : 204   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.