Cisco : Security Vulnerabilities Published In 2013 (Gain Information)

Fields per entry: CVE ID | CWE ID | number of public exploits (only shown when non-zero) | vulnerability type(s) | publish date | update date | CVSS score | gained access level | access vector / access complexity | authentication | confidentiality / integrity / availability impact. The description follows on the next line.

1. CVE-2013-7030 | CWE-310 | Exploits: 1 | Type: +Info | Published 2013-12-12 | Updated 2013-12-19 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.

2. CVE-2013-6978 | CWE-200 | Type: +Info | Published 2013-12-21 | Updated 2014-01-03 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

3. CVE-2013-6973 | CWE-200 | Type: +Info | Published 2013-12-14 | Updated 2014-01-13 | CVSS 4.3 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / None / None
   Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.

4. CVE-2013-6972 | CWE-200 | Type: Bypass, +Info | Published 2013-12-14 | Updated 2014-01-13 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.

5. CVE-2013-6970 | CWE-200 | Type: +Info | Published 2013-12-14 | Updated 2013-12-16 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

6. CVE-2013-6968 | CWE-200 | Type: +Info | Published 2013-12-14 | Updated 2014-01-13 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.

7. CVE-2013-6709 | CWE-200 | Type: Bypass, +Info | Published 2013-12-14 | Updated 2014-01-13 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.

8. CVE-2013-6695 | CWE-264 | Type: +Info | Published 2013-12-02 | Updated 2014-03-04 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.

9. CVE-2013-5502 | CWE-264 | Type: +Info | Published 2013-09-23 | Updated 2014-01-17 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344.

10. CVE-2013-5492 | CWE-310 | Type: +Info | Published 2013-09-13 | Updated 2013-10-16 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.

11. CVE-2013-5490 | CWE-200 | Type: +Info | Published 2013-09-23 | Updated 2013-10-17 | CVSS 7.8 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Complete / None / None
   Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

12. CVE-2013-5489 | CWE-264 | Type: +Info | Published 2013-09-13 | Updated 2013-09-17 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.

13. CVE-2013-5487 | CWE-200 | Type: +Info | Published 2013-09-23 | Updated 2013-09-23 | CVSS 7.8 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Complete / None / None
   DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

14. CVE-2013-3469 | CWE-200 | Type: +Info | Published 2013-09-03 | Updated 2013-09-10 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.

15. CVE-2013-3455 | CWE-255 | Type: +Info | Published 2013-08-12 | Updated 2013-09-10 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.

16. CVE-2013-3442 | CWE-200 | Type: +Info | Published 2013-08-05 | Updated 2013-08-05 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.

17. CVE-2013-3431 | CWE-287 | Type: +Info | Published 2013-07-25 | Updated 2013-08-19 | CVSS 7.8 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Complete / None / None
   Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

18. CVE-2013-3430 | CWE-287 | Type: +Info | Published 2013-07-25 | Updated 2013-08-19 | CVSS 9.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Complete / Partial / Partial
   Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.

19. CVE-2013-3428 | CWE-200 | Type: +Info | Published 2013-07-15 | Updated 2013-07-16 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.

20. CVE-2013-3409 | CWE-255 | Type: +Info | Published 2013-10-10 | Updated 2013-10-10 | CVSS 4.3 | Gained access: None | Access: Local / Low | Auth: Single system | C/I/A: Partial / Partial / Partial
   The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.

21. CVE-2013-3407 | CWE-264 | Type: +Info | Published 2013-11-17 | Updated 2013-11-19 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.

22. CVE-2013-3398 | CWE-200 | Type: +Info | Published 2013-06-26 | Updated 2013-06-27 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.

23. CVE-2013-3380 | CWE-200 | Type: +Info | Published 2013-06-11 | Updated 2013-06-12 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

24. CVE-2013-1216 | CWE-200 | Type: DoS, +Info | Published 2013-04-29 | Updated 2013-05-01 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: None / None / Partial
   Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.

25. CVE-2013-1194 | CWE-200 | Type: +Info | Published 2013-04-18 | Updated 2013-12-05 | CVSS 5.0 | Gained access: None | Access: Remote / Low | Auth: Not required | C/I/A: Partial / None / None
   The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.

26. CVE-2013-1185 | CWE-200 | Type: +Info | Published 2013-04-25 | Updated 2013-04-25 | CVSS 9.3 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Complete / Complete / Complete
   The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543.

27. CVE-2013-1140 | CWE-200 | Type: +Info | Published 2013-03-06 | Updated 2013-03-06 | CVSS 4.3 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / None / None
   The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.

28. CVE-2013-1139 | CWE-264 | Type: +Info | Published 2013-02-26 | Updated 2013-02-27 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.

29. CVE-2013-1107 | CWE-200 | Type: +Info | Published 2013-02-06 | Updated 2013-02-07 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.

30. CVE-2013-0149 | CWE: none listed | Type: DoS, +Info | Published 2013-08-05 | Updated 2013-08-13 | CVSS 5.8 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / None / Partial
   The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

31. CVE-2012-4136 | CWE-264 | Type: DoS, +Info | Published 2013-10-03 | Updated 2013-10-23 | CVSS 6.8 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / Partial / Partial
   The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910.

32. CVE-2012-4116 | CWE-200 | Type: +Info | Published 2013-10-19 | Updated 2013-10-21 | CVSS 4.3 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / None / None
   The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970.

33. CVE-2012-4115 | CWE-310 | Type: +Info | Published 2013-10-21 | Updated 2013-10-21 | CVSS 5.8 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / Partial / None
   The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964.

34. CVE-2012-4090 | CWE-264 | Type: +Info | Published 2013-10-05 | Updated 2013-10-23 | CVSS 4.0 | Gained access: None | Access: Remote / Low | Auth: Single system | C/I/A: Partial / None / None
   The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.

35. CVE-2012-4074 | CWE-255 | Type: +Info | Published 2013-09-20 | Updated 2013-10-23 | CVSS 5.8 | Gained access: None | Access: Remote / Medium | Auth: Not required | C/I/A: Partial / Partial / None
   The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
Total number of vulnerabilities: 35 (page 1 of 1)