Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-08-31 | CVE-2015-6269 | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. | 7.8 |
| 2015-08-29 | CVE-2015-6273 | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. | 7.8 |
| 2015-08-29 | CVE-2015-6268 | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. | 7.8 |
| 2015-08-29 | CVE-2015-6267 | Resource Management Errors vulnerability in Cisco IOS XE 2.2.1/2.2.2 Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. | 7.8 |
| 2015-08-28 | CVE-2015-6266 | Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.2(0.899) The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | 5.0 |
| 2015-08-27 | CVE-2015-6265 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Control Engine 4700 The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. | 4.3 |
| 2015-08-26 | CVE-2015-6261 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. | 4.0 |
| 2015-08-25 | CVE-2015-6262 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2.0.103/2.0 Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. | 6.8 |
| 2015-08-22 | CVE-2015-6258 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.1.104.37 The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. | 5.0 |
| 2015-08-22 | CVE-2015-6256 | Improper Input Validation vulnerability in Cisco ASR 5000 Series Software 19.0.M0.60828 Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. | 5.0 |