Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-02-12 CVE-2016-1323 Information Exposure vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
network
low complexity
cisco CWE-200
4.3
2016-02-12 CVE-2016-1322 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
network
low complexity
cisco CWE-264
7.5
2016-02-12 CVE-2016-1320 OS Command Injection vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
local
low complexity
cisco CWE-78
6.7
2016-02-12 CVE-2016-1315 Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.
network
low complexity
cisco CWE-284
7.5
2016-02-11 CVE-2016-1287 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.
network
low complexity
cisco CWE-119
critical
9.8
2016-02-09 CVE-2016-1318 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
network
low complexity
cisco CWE-79
6.1
2016-02-09 CVE-2016-1316 Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
network
low complexity
cisco CWE-200
5.3
2016-02-07 CVE-2016-1309 Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5.1.5
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.
network
low complexity
cisco CWE-79
6.1
2016-02-07 CVE-2016-1305 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
network
low complexity
cisco CWE-79
6.1
2016-02-07 CVE-2016-1302 Improper Access Control vulnerability in multiple products
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
network
low complexity
samsung sun zyxel zzinc cisco CWE-284
8.8