Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-07-03 CVE-2016-1328 Improper Input Validation vulnerability in Cisco Epc3928 Firmware
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
network
low complexity
cisco CWE-20
7.5
7.5
2016-07-03 CVE-2016-1441 Improper Input Validation vulnerability in Cisco Cloud Network Automation Provisioner 1.0(0)
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
network
low complexity
cisco CWE-20
8.2
8.2
2016-07-03 CVE-2016-1394 Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
network
low complexity
cisco CWE-264
8.6
8.6
2016-07-02 CVE-2016-1440 Resource Management Errors vulnerability in Cisco web Security Appliance
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.
network
low complexity
cisco CWE-399
5.3
5.3
2016-07-02 CVE-2016-1416 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning 10.6.2
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
network
low complexity
cisco CWE-264
critical
 9.8
9.8
2016-07-02 CVE-2016-1408 Improper Input Validation vulnerability in Cisco products
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
network
low complexity
cisco CWE-20
8.8
8.8
2016-07-02 CVE-2016-1289 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231.
network
low complexity
cisco CWE-119
critical
 9.8
9.8
2016-06-23 CVE-2016-1439 Cross-site Scripting vulnerability in Cisco Unified Contact Center Enterprise
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
network
low complexity
cisco CWE-79
6.1
6.1
2016-06-23 CVE-2016-1438 7PK - Security Features vulnerability in Cisco Asyncos 9.7.0125
Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
network
low complexity
cisco CWE-254
7.5
7.5
2016-06-23 CVE-2016-1437 SQL Injection vulnerability in Cisco Prime Collaboration Deployment
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
network
low complexity
cisco CWE-89
6.5
6.5