CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities Published In 2014

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3325 79 XSS 2014-07-19 2014-07-23
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.
2 CVE-2014-3323 22 Dir. Trav. 2014-07-17 2014-07-18
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
3 CVE-2014-3322 20 DoS 2014-07-24 2014-07-24
6.1
None Local Network Low Not required None None Complete
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
4 CVE-2014-3321 20 DoS 2014-07-17 2014-07-18
5.7
None Local Network Medium Not required None None Complete
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
5 CVE-2014-3320 2014-07-17 2014-07-18
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
6 CVE-2014-3319 22 Dir. Trav. 2014-07-14 2014-07-18
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
7 CVE-2014-3318 20 Dir. Trav. 2014-07-10 2014-07-18
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
8 CVE-2014-3317 22 Dir. Trav. 2014-07-14 2014-07-18
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
9 CVE-2014-3316 20 Bypass 2014-07-10 2014-07-18
4.0
None Remote Low Single system None Partial None
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
10 CVE-2014-3315 79 XSS 2014-07-10 2014-07-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
11 CVE-2014-3313 79 XSS 2014-07-09 2014-07-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
12 CVE-2014-3312 287 Exec Code 2014-07-09 2014-07-18
6.9
None Local Medium Not required Complete Complete Complete
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
13 CVE-2014-3311 119 Exec Code Overflow 2014-07-10 2014-07-18
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
14 CVE-2014-3310 20 2014-07-10 2014-07-18
4.3
None Remote Medium Not required Partial None None
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.
15 CVE-2014-3309 264 Bypass 2014-07-09 2014-07-18
5.0
None Remote Low Not required Partial None None
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
16 CVE-2014-3308 20 DoS 2014-07-07 2014-07-17
6.4
None Remote Low Not required None Partial Partial
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
17 CVE-2014-3307 Exec Code 2014-07-02 2014-07-24
6.8
None Local Network High Not required Complete Complete Complete
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.
18 CVE-2014-3306 20 Exec Code 2014-07-17 2014-07-18
10.0
None Remote Low Not required Complete Complete Complete
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
19 CVE-2014-3300 264 2014-07-07 2014-07-07
7.5
None Remote Low Not required Partial Partial Partial
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.
20 CVE-2014-3299 20 DoS 2014-06-25 2014-06-25
6.8
None Remote Low Single system None None Complete
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.
21 CVE-2014-3298 255 +Info 2014-07-02 2014-07-24
4.0
None Remote Low Single system Partial None None
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.
22 CVE-2014-3297 264 +Info 2014-07-02 2014-07-24
4.0
None Remote Low Single system Partial None None
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.
23 CVE-2014-3296 200 +Info 2014-06-21 2014-06-23
4.0
None Remote Low Single system Partial None None
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.
24 CVE-2014-3295 287 DoS Bypass 2014-06-14 2014-06-21
4.8
None Local Network Low Not required None Partial Partial
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
25 CVE-2014-3294 264 +Info 2014-06-10 2014-06-18
4.0
None Remote Low Single system Partial None None
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.
26 CVE-2014-3292 20 2014-06-10 2014-06-18
5.5
None Remote Low Single system Partial None Partial
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
27 CVE-2014-3291 DoS 2014-06-08 2014-06-18
5.7
None Local Network Medium Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
28 CVE-2014-3290 264 +Info 2014-06-14 2014-06-26
4.8
None Local Network Low Not required Partial Partial None
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.
29 CVE-2014-3289 79 XSS 2014-06-10 2014-06-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
30 CVE-2014-3287 89 Exec Code Sql 2014-06-10 2014-06-18
4.0
None Remote Low Single system Partial None None
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
31 CVE-2014-3286 264 +Info 2014-06-08 2014-06-18
5.0
None Remote Low Not required Partial None None
The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.
32 CVE-2014-3285 20 DoS 2014-05-29 2014-06-13
5.0
None Remote Low Not required None None Partial
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
33 CVE-2014-3284 20 DoS 2014-05-25 2014-06-13
6.1
None Local Network Low Not required None None Complete
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
34 CVE-2014-3283 2014-05-29 2014-06-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.
35 CVE-2014-3282 264 +Info 2014-05-29 2014-06-13
4.0
None Remote Low Single system Partial None None
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.
36 CVE-2014-3281 264 +Info 2014-06-08 2014-07-17
5.0
None Remote Low Not required Partial None None
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.
37 CVE-2014-3280 264 +Info 2014-06-03 2014-06-13
4.0
None Remote Low Single system Partial None None
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.
38 CVE-2014-3279 264 2014-05-29 2014-07-17
5.0
None Remote Low Not required Partial None None
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
39 CVE-2014-3278 264 2014-06-08 2014-07-17
5.0
None Remote Low Not required Partial None None
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.
40 CVE-2014-3277 287 +Info 2014-05-29 2014-06-13
4.0
None Remote Low Single system Partial None None
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
41 CVE-2014-3276 DoS 2014-05-25 2014-06-13
4.0
None Remote Low Single system None None Partial
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
42 CVE-2014-3275 89 Exec Code Sql 2014-05-25 2014-06-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
43 CVE-2014-3274 310 +Info 2014-05-25 2014-06-13
4.3
None Remote Medium Not required Partial None None
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.
44 CVE-2014-3273 20 DoS 2014-05-20 2014-06-13
6.1
None Local Network Low Not required None None Complete
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
45 CVE-2014-3272 20 +Priv 2014-05-25 2014-06-13
6.0
None Local High Single system Complete Complete Complete
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.
46 CVE-2014-3271 20 DoS 2014-05-20 2014-06-13
5.0
None Remote Low Not required None None Partial
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
47 CVE-2014-3270 20 DoS 2014-05-20 2014-06-13
5.0
None Remote Low Not required None None Partial
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
48 CVE-2014-3269 20 DoS 2014-05-20 2014-05-20
6.8
None Remote Low Single system None None Complete
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
49 CVE-2014-3268 20 DoS 2014-05-20 2014-05-20
5.0
None Remote Low Not required None None Partial
Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.
50 CVE-2014-3267 352 CSRF 2014-05-25 2014-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
Total number of vulnerabilities : 243   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.