| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. |
| Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. |
| Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. |
| Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546. |
| Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. |
| The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. |
| Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. |
| Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. |
| Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650. |
| The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182. |
| The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704. |
| The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
| A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. |
| A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system.
This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic. |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. |
| The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. |
| The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. |
