Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
low complexity
cisco CWE-79
6.1
2016-06-18 CVE-2016-1427 Information Exposure vulnerability in Cisco Prime Network Registrar
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
network
low complexity
cisco CWE-200
7.5
2016-06-10 CVE-2016-1421 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
7.5
2016-06-10 CVE-2016-1420 Unspecified vulnerability in Cisco products
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
local
low complexity
cisco
7.8
2016-06-10 CVE-2016-1419 Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43)
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
low complexity
cisco CWE-20
8.1
2016-06-08 CVE-2016-1418 Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(100.0)
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.
local
low complexity
cisco CWE-20
7.8
2016-06-08 CVE-2016-1405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
network
low complexity
clamav cisco CWE-119
7.5
2016-06-04 CVE-2016-1403 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
local
low complexity
cisco CWE-20
7.8
2016-06-04 CVE-2016-1391 Improper Input Validation vulnerability in Cisco products
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.
network
low complexity
cisco CWE-20
8.8
2016-06-04 CVE-2016-1390 Improper Input Validation vulnerability in Cisco products
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.
local
low complexity
cisco CWE-20
7.8