Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124Sa Appliance 4.3.1/4.5.0/5.0.1 Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. | 9.8 |
| 2016-04-06 | CVE-2016-1291 | Improper Input Validation vulnerability in multiple products Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | 9.8 |
| 2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in multiple products The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 8.1 |
| 2016-04-01 | CVE-2016-1345 | Improper Input Validation vulnerability in Cisco products Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | 7.5 |
| 2016-03-26 | CVE-2016-1351 | Resource Management Errors vulnerability in Cisco IOS and Nx-Os The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | 7.5 |
| 2016-03-26 | CVE-2016-1350 | Resource Management Errors vulnerability in multiple products Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | 7.5 |
| 2016-03-26 | CVE-2016-1349 | Resource Management Errors vulnerability in multiple products The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | 7.5 |
| 2016-03-26 | CVE-2016-1348 | Resource Management Errors vulnerability in multiple products Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | 7.5 |
| 2016-03-26 | CVE-2016-1344 | Resource Management Errors vulnerability in multiple products The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | 5.9 |
| 2016-03-24 | CVE-2016-1366 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. | 6.5 |