Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-10-05 | CVE-2016-6420 | Information Exposure vulnerability in Cisco Firesight System Software | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | 6.5 |
2016-10-05 | CVE-2016-6419 | SQL Injection vulnerability in Cisco Secure Firewall Management Center | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | 7.5 |
2016-09-24 | CVE-2016-6413 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.3(2F) | The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | 7.8 |
2016-09-24 | CVE-2016-6412 | Improper Input Validation vulnerability in Cisco IOS 15.6(1)T1 | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. | 6.5 |
2016-09-24 | CVE-2016-6411 | Improper Input Validation vulnerability in Cisco Firesight System Software 6.0.1 | Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. | 7.5 |
2016-09-24 | CVE-2016-6410 | Improper Input Validation vulnerability in Cisco IOS 15.5(2)T | The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856. | 6.5 |
2016-09-24 | CVE-2016-6409 | Resource Management Errors vulnerability in Cisco IOS 15.6(1)T | The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015. | 7.5 |
2016-09-24 | CVE-2016-6408 | XXE vulnerability in Cisco Prime Home 5.2.0 | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. | 7.5 |
2016-09-22 | CVE-2016-6414 | OS Command Injection vulnerability in Cisco IOS 15.6(1)T1 | iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | 7.8 |
2016-09-22 | CVE-2016-6406 | Permissions, Privileges, and Access Controls vulnerability in Cisco Email Security Appliance Firmware | Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. | 9.8 |