Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-12-14 CVE-2016-6467 Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 20.0.0/21.0.0/21.0.M0.64702
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process.
network
low complexity
cisco CWE-399
7.5
2016-12-14 CVE-2016-6465 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.
network
low complexity
cisco CWE-20
4.3
2016-12-14 CVE-2016-6464 Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted.
network
low complexity
cisco CWE-200
7.5
2016-12-14 CVE-2016-6449 Permissions, Privileges, and Access Controls vulnerability in Cisco Fireamp Connector Endpoint Software 4.4.0/4.4.2.10200
A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password.
local
low complexity
cisco CWE-264
7.8
2016-12-14 CVE-2016-1411 Cryptographic Issues vulnerability in Cisco products
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.
network
high complexity
cisco CWE-310
5.9
2016-11-19 CVE-2016-6472 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2)
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system.
network
low complexity
cisco CWE-79
6.1
2016-11-19 CVE-2016-6466 Resource Management Errors vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-399
7.5
2016-11-19 CVE-2016-6463 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/9.7.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
2016-11-19 CVE-2016-6462 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/10.0.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
2016-11-19 CVE-2016-6461 Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system.
network
high complexity
cisco CWE-20
5.9