Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-9201 | Improper Input Validation vulnerability in Cisco IOS 15.3(3)M3 A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. | 7.5 |
| 2016-12-14 | CVE-2016-9200 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0 A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. | 6.1 |
| 2016-12-14 | CVE-2016-9199 | Path Traversal vulnerability in Cisco IOX 1.1.0 A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. | 6.5 |
| 2016-12-14 | CVE-2016-9198 | Resource Management Errors vulnerability in Cisco Identity Services Engine 1.2(1.199) A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. | 7.5 |
| 2016-12-14 | CVE-2016-9193 | Improper Input Validation vulnerability in Cisco products A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. | 7.5 |
| 2016-12-14 | CVE-2016-9192 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. | 7.8 |
| 2016-12-14 | CVE-2016-6474 | Improper Authentication vulnerability in Cisco IOS 15.5(2.25)T A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. | 7.3 |
| 2016-12-14 | CVE-2016-6473 | Injection vulnerability in Cisco IOS A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. | 6.5 |
| 2016-12-14 | CVE-2016-6471 | Information Exposure vulnerability in Cisco Firesight System Software 5.4.1.6 A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. | 6.5 |
| 2016-12-14 | CVE-2016-6470 | Permissions, Privileges, and Access Controls vulnerability in Cisco Hybrid Media Service 1.0Base A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. | 7.8 |