Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-03-03 CVE-2016-1357 Information Exposure vulnerability in Cisco Policy Suite
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.
network
low complexity
cisco CWE-200
5.3
2016-03-03 CVE-2016-1356 Credentials Management vulnerability in Cisco Firesight System Software 6.1.0
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.
network
high complexity
cisco CWE-255
3.7
2016-03-03 CVE-2016-1288 Improper Input Validation vulnerability in Cisco web Security Appliance 8.5.0497/9.0.0193
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.
network
low complexity
cisco CWE-20
5.3
2016-03-03 CVE-2015-0718 Resource Management Errors vulnerability in multiple products
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
network
low complexity
cisco samsung sun zyxel netgear zzinc CWE-399
7.5
2016-03-03 CVE-2016-1355 Cross-site Scripting vulnerability in Cisco Firesight System Software 6.1.0
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687.
network
low complexity
cisco CWE-79
6.1
2016-03-03 CVE-2016-1354 Cross-site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0/8.0.1/8.0.2
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.
network
low complexity
cisco CWE-79
6.1
2016-03-01 CVE-2016-1353 Resource Management Errors vulnerability in Cisco Videoscape Distribution Suite for Internet Streaming
The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136.
network
low complexity
cisco CWE-399
5.3
2016-02-26 CVE-2016-1342 Information Exposure vulnerability in Cisco Secure Firewall Management Center
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
network
low complexity
cisco CWE-200
5.3
2016-02-26 CVE-2016-1297 OS Command Injection vulnerability in Cisco Application Control Engine Software
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
network
low complexity
cisco CWE-78
8.8
2016-02-24 CVE-2016-1341 Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os 7.0(1)N1(1)/7.0(1)N1(3)/7.0(4)N1(1)
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.
network
low complexity
cisco CWE-264
critical
9.8