Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-20 | CVE-2015-4307 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Provisioning The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. | 9.0 |
2015-09-20 | CVE-2015-4306 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | 8.5 |
2015-09-20 | CVE-2015-4305 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | 4.0 |
2015-09-20 | CVE-2015-4304 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | 9.0 |
2015-09-18 | CVE-2015-6297 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.0Base The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | 5.0 |
2015-09-18 | CVE-2015-6296 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Network Registrar 8.1.3.3/8.2.3/8.3.2 Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. | 7.2 |
2015-09-18 | CVE-2015-6294 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | 6.1 |
2015-09-14 | CVE-2015-6290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Virtual Appliance Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | 4.3 |
2015-09-14 | CVE-2015-6288 | Resource Management Errors vulnerability in Cisco Content Security Management Appliance 7.8Base Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. | 5.0 |
2015-09-14 | CVE-2015-6287 | Resource Management Errors vulnerability in Cisco web Security Virtual Appliance 8.0.5/8.0.6/8.0Base Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. | 5.0 |