Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-04-16 CVE-2016-1339 OS Command Injection vulnerability in Cisco Unified Computing System Platform Emulator 2.5(2)Ts4/3.0(2C)A/3.0(2C)Ts9
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
local
low complexity
cisco CWE-78
7.2
7.2
2016-04-14 CVE-2016-1378 Information Exposure vulnerability in Cisco IOS
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.
network
low complexity
cisco CWE-200
5.0
5.0
2016-04-14 CVE-2016-1352 OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
network
low complexity
cisco CWE-78
7.5
7.5
2016-04-12 CVE-2016-1377 Cross-site Scripting vulnerability in Cisco Unity Connection
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.
network
cisco CWE-79
4.3
4.3
2016-04-12 CVE-2016-1376 Improper Input Validation vulnerability in Cisco IOS XR
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.
network
low complexity
cisco CWE-20
5.0
5.0
2016-04-08 CVE-2016-1375 Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339.
network
cisco CWE-79
4.3
4.3
2016-04-06 CVE-2016-1346 Resource Management Errors vulnerability in Cisco Telepresence Server Software
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
network
cisco CWE-399
7.1
7.1
2016-04-06 CVE-2016-1313 Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124Sa Appliance 4.3.1/4.5.0/5.0.1
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.
network
low complexity
cisco CWE-264
critical
 10.0
10
2016-04-06 CVE-2016-1291 Improper Input Validation vulnerability in Cisco products
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
network
cisco CWE-20
critical
 9.3
9.3
2016-04-06 CVE-2016-1290 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
network
low complexity
cisco CWE-264
5.5
5.5