Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-02-26 CVE-2016-1297 OS Command Injection vulnerability in Cisco Application Control Engine Software
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
network
low complexity
cisco CWE-78
critical
9.0
2016-02-24 CVE-2016-1341 Permissions, Privileges, and Access Controls vulnerability in Cisco NX-OS 7.0(1)N1(1)/7.0(1)N1(3)/7.0(4)N1(1)
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.
local
cisco CWE-264
6.9
2016-02-19 CVE-2016-1335 Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
network
high complexity
cisco CWE-264
7.1
2016-02-17 CVE-2016-1334 Improper Input Validation vulnerability in Cisco Small Business Wireless Access Points Firmware 1.0.4.4
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
network
low complexity
cisco CWE-20
5.0
2016-02-17 CVE-2016-1333 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M/15.6(1)T0A
Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878.
network
low complexity
cisco CWE-399
6.8
2016-02-15 CVE-2016-1331 Cross-site Scripting vulnerability in Cisco Emergency Responder 11.5(0.99833.5)
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.
network
cisco CWE-79
4.3
2016-02-15 CVE-2016-1330 Resource Management Errors vulnerability in Cisco IOS 15.2(4)E
Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.
low complexity
cisco CWE-399
6.1
2016-02-15 CVE-2016-1321 Information Exposure vulnerability in Cisco Universal Small Cell Firmware
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
network
low complexity
cisco CWE-200
5.0
2016-02-12 CVE-2016-1324 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
network
low complexity
cisco CWE-264
5.0
2016-02-12 CVE-2016-1323 Information Exposure vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
network
low complexity
cisco CWE-200
4.0