Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-11-19 CVE-2015-6371 Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621.
network
low complexity
cisco CWE-200
4.0
4.0
2015-11-19 CVE-2015-6370 OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
local
low complexity
cisco CWE-78
7.2
7.2
2015-11-19 CVE-2015-6369 Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531.
local
low complexity
cisco CWE-20
4.9
4.9
2015-11-19 CVE-2015-6368 Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
network
low complexity
cisco CWE-200
5.0
5.0
2015-11-18 CVE-2015-6373 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.
network
cisco CWE-352
6.8
6.8
2015-11-18 CVE-2015-6372 Cross-site Scripting vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160)
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614.
network
cisco CWE-79
4.3
4.3
2015-11-18 CVE-2015-6357 Improper Input Validation vulnerability in Cisco Firesight System Software
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
network
cisco CWE-20
6.8
6.8
2015-11-18 CVE-2015-6330 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.
network
cisco CWE-352
6.8
6.8
2015-11-14 CVE-2015-6367 Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.1(131.0)
Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374.
network
low complexity
cisco CWE-399
7.8
7.8
2015-11-14 CVE-2015-6365 Improper Input Validation vulnerability in Cisco IOS 15.2(4)M/15.4(3)M
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.
network
low complexity
cisco CWE-20
4.0
4.0