Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-03-03 CVE-2016-1358 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Prime Infrastructure 2.2/3.0/3.1
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
network
high complexity
cisco CWE-119
6.4
2016-03-03 CVE-2016-1357 Information Exposure vulnerability in Cisco Policy Suite
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.
network
low complexity
cisco CWE-200
5.3
2016-03-03 CVE-2016-1356 Credentials Management vulnerability in Cisco Firesight System Software 6.1.0
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
network
high complexity
cisco CWE-255
3.7
2016-03-03 CVE-2016-1288 Improper Input Validation vulnerability in Cisco web Security Appliance 8.5.0497/9.0.0193
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.
network
low complexity
cisco CWE-20
5.3
2016-03-03 CVE-2015-0718 Resource Management Errors vulnerability in multiple products
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
network
low complexity
cisco samsung sun zyxel netgear zzinc CWE-399
7.5
2016-03-03 CVE-2016-1355 Cross-site Scripting vulnerability in Cisco Firesight System Software 6.1.0
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.
network
low complexity
cisco CWE-79
6.1
2016-03-03 CVE-2016-1354 Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0/8.0.1/8.0.2
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.
network
low complexity
cisco CWE-79
6.1
2016-03-01 CVE-2016-1353 Resource Management Errors vulnerability in Cisco Videoscape Distribution Suite for Internet Streaming
The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136.
network
low complexity
cisco CWE-399
5.3
2016-02-26 CVE-2016-1342 Information Exposure vulnerability in Cisco Secure Firewall Management Center
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
network
low complexity
cisco CWE-200
5.3
2016-02-26 CVE-2016-1297 OS Command Injection vulnerability in Cisco Application Control Engine Software
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
network
low complexity
cisco CWE-78
8.8