Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-08-22 CVE-2016-6359 Cross-site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0)
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817.
network
low complexity
cisco CWE-79
6.1
6.1
2016-08-22 CVE-2016-1485 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.3(0.876)
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
network
low complexity
cisco CWE-79
6.1
6.1
2016-08-22 CVE-2016-1479 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
network
low complexity
cisco CWE-20
7.5
7.5
2016-08-22 CVE-2016-1476 Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
network
low complexity
cisco CWE-79
5.4
5.4
2016-08-18 CVE-2016-1458 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
network
low complexity
cisco CWE-264
8.8
8.8
2016-08-18 CVE-2016-1457 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Firewall Management Center
The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
network
low complexity
cisco CWE-264
8.8
8.8
2016-08-18 CVE-2016-1365 Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
network
low complexity
cisco CWE-20
8.8
8.8
2016-08-18 CVE-2016-6367 Command Injection vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
local
low complexity
cisco CWE-77
7.8
7.8
2016-08-18 CVE-2016-6366 Classic Buffer Overflow vulnerability in Cisco products
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
network
low complexity
cisco CWE-120
8.8
8.8
2016-08-08 CVE-2016-1478 Improper Input Validation vulnerability in Cisco IOS
Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.
network
low complexity
cisco CWE-20
7.5
7.5