Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-11-19 | CVE-2015-6371 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. | 4.0 |
2015-11-19 | CVE-2015-6370 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | 7.2 |
2015-11-19 | CVE-2015-6369 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | 4.9 |
2015-11-19 | CVE-2015-6368 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | 5.0 |
2015-11-18 | CVE-2015-6373 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. | 6.8 |
2015-11-18 | CVE-2015-6372 | Cross-site Scripting vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. | 4.3 |
2015-11-18 | CVE-2015-6357 | Improper Input Validation vulnerability in Cisco Firesight System Software | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444. | 6.8 |
2015-11-18 | CVE-2015-6330 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0 | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. | 6.8 |
2015-11-14 | CVE-2015-6367 | Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.1(131.0) | Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. | 7.8 |
2015-11-14 | CVE-2015-6365 | Improper Input Validation vulnerability in Cisco IOS 15.2(4)M/15.4(3)M | Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | 4.0 |