Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-9207 | 7PK - Security Features vulnerability in Cisco Expressway X8.7.2/X8.8.3 A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. | 6.5 |
| 2016-12-14 | CVE-2016-9206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6) A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 6.1 |
| 2016-12-14 | CVE-2016-9205 | Resource Management Errors vulnerability in Cisco IOS XR 6.1.1 A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-12-14 | CVE-2016-9204 | Credentials Management vulnerability in Cisco Nexus 1000V Intercloud Firmware 2.2(1) A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. | 6.5 |
| 2016-12-14 | CVE-2016-9203 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software 20.0.2.3.65026 A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. | 7.5 |
| 2016-12-14 | CVE-2016-9202 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. | 6.1 |
| 2016-12-14 | CVE-2016-9201 | Improper Input Validation vulnerability in Cisco IOS 15.3(3)M3 A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. | 7.5 |
| 2016-12-14 | CVE-2016-9200 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0 A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. | 6.1 |
| 2016-12-14 | CVE-2016-9199 | Path Traversal vulnerability in Cisco IOX 1.1.0 A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. | 6.5 |
| 2016-12-14 | CVE-2016-9198 | Resource Management Errors vulnerability in Cisco Identity Services Engine 1.2(1.199) A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. | 7.5 |