Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-24 | CVE-2016-6408 | XXE vulnerability in Cisco Prime Home 5.2.0 Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. | 4.3 |
| 2016-09-22 | CVE-2016-6414 | OS Command Injection vulnerability in Cisco IOS 15.6(1)T1 iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | 7.2 |
| 2016-09-22 | CVE-2016-6406 | Permissions, Privileges, and Access Controls vulnerability in Cisco Email Security Appliance Firmware Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. | 10.0 |
| 2016-09-22 | CVE-2016-6374 | Improper Input Validation vulnerability in Cisco Cloud Services Platform 2100 2.0.0 Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. | 7.5 |
| 2016-09-22 | CVE-2016-6373 | OS Command Injection vulnerability in Cisco Cloud Services Platform 2100 2.0.0Base The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | 9.0 |
| 2016-09-22 | CVE-2014-2146 | Improper Input Validation vulnerability in Cisco IOS XE The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | 4.3 |
| 2016-09-19 | CVE-2016-6415 | Information Exposure vulnerability in Cisco IOS XE The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | 5.0 |
| 2016-09-19 | CVE-2016-1483 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0 Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704. | 7.8 |
| 2016-09-18 | CVE-2016-6405 | Improper Input Validation vulnerability in Cisco FOG Director 1.0(0) Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | 6.8 |
| 2016-09-18 | CVE-2016-6404 | Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854. | 4.3 |