Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-01-22 CVE-2015-6412 Credentials Management vulnerability in Cisco Modular Encoding Platform D9036 Software
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
network
low complexity
cisco CWE-255
critical
 9.8
9.8
2016-01-20 CVE-2016-1296 7PK - Security Features vulnerability in Cisco web Security Appliance 8.5.3055/9.1.0000/9.5.0235
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
network
low complexity
cisco CWE-254
7.5
7.5
2016-01-16 CVE-2016-1295 Information Exposure vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
network
low complexity
cisco CWE-200
5.3
5.3
2016-01-16 CVE-2016-1294 Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.1
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094.
network
low complexity
cisco CWE-79
6.1
6.1
2016-01-16 CVE-2016-1293 Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0/6.0.1
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.
network
low complexity
cisco CWE-79
6.1
6.1
2016-01-15 CVE-2015-6423 Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software
The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.
network
low complexity
cisco CWE-264
4.3
4.3
2016-01-15 CVE-2015-6336 Credentials Management vulnerability in Cisco Aironet Access Point Software
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.
network
low complexity
cisco CWE-255
7.3
7.3
2016-01-15 CVE-2015-6323 Unspecified vulnerability in Cisco Identity Services Engine Software
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
network
low complexity
cisco
critical
 9.8
9.8
2016-01-15 CVE-2015-6320 Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.1(112.3)/8.1(112.4)
The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138.
network
low complexity
cisco CWE-399
7.5
7.5
2016-01-15 CVE-2015-6314 Improper Authentication vulnerability in Cisco Wireless LAN Controller Software
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.
network
low complexity
cisco CWE-287
critical
 9.8
9.8