Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-06-20 CVE-2015-4202 Information Exposure vulnerability in Cisco IOS 12.2(33)SCH/12.2SCH
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.
network
low complexity
cisco CWE-200
5.0
2015-06-20 CVE-2015-4198 Cross-site Scripting vulnerability in Cisco Web Security Appliance 8.5.0497
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.
network
cisco CWE-79
4.3
2015-06-20 CVE-2015-4197 Improper Input Validation vulnerability in Cisco NX-OS 5.2(5)
Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
low complexity
cisco CWE-20
6.1
2015-06-20 CVE-2015-4201 Improper Input Validation vulnerability in Cisco ASR 5000 Series Software 17.2.0.59184/18.0.L059219
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.
network
low complexity
cisco CWE-20
5.0
2015-06-19 CVE-2015-4195 Resource Management Errors vulnerability in Cisco IOS XR 5.1.1.K9SEC
Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.
network
low complexity
cisco CWE-399
4.0
2015-06-19 CVE-2015-4194 Information Exposure vulnerability in Cisco Webex Meeting Center
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
network
low complexity
cisco CWE-200
5.0
2015-06-19 CVE-2015-4191 Resource Management Errors vulnerability in Cisco IOS XR 5.2.1
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.
network
low complexity
cisco CWE-399
5.0
2015-06-17 CVE-2015-4190 Man in the Middle Security Bypass vulnerability in Cisco Prime Service Catalog 9.4.1Vortex
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.
network
cisco
4.3
2015-06-17 CVE-2015-4188 SQL Injection vulnerability in Cisco Prime Collaboration 10.5(1)
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
network
low complexity
cisco CWE-89
5.0
2015-06-17 CVE-2015-4186 OS Command Injection vulnerability in Cisco Virtualization Experience Client 6000 Series Firmware 11.2(27.4)
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
local
low complexity
cisco CWE-78
7.2