Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK

2015-05-07 CVE-2015-0701 Improper Input Validation vulnerability in Cisco Unified Computing System Central Software
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
network | low complexity | cisco CWE-20 | critical | 10.0

2015-05-02 CVE-2015-0714 Cross-site Scripting vulnerability in Cisco Finesse
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.
network | cisco CWE-79 | 4.3

2015-05-01 CVE-2015-0712 Resource Management Errors vulnerability in Cisco Staros
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.
network | low complexity | cisco CWE-399 | 5.0

2015-04-29 CVE-2015-0711 Resource Management Errors vulnerability in Cisco Staros 18.1.0.59776
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711.
network | low complexity | cisco CWE-399 | 5.0

2015-04-29 CVE-2015-0710 Resource Management Errors vulnerability in Cisco IOS XE 3.10.0S/3.10S.01
The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335.
low complexity | cisco CWE-399 | 6.1

2015-04-29 CVE-2015-0709 Resource Management Errors vulnerability in Cisco IOS and IOS XE
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
network | low complexity | cisco CWE-399 | 6.8

2015-04-29 CVE-2015-0708 Resource Management Errors vulnerability in Cisco IOS and IOS XE
Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956.
low complexity | cisco CWE-399 | 6.1

2015-04-23 CVE-2015-0707 Cross-site Scripting vulnerability in Cisco Firesight System Software 5.3.1.1/6.0.0
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
network | cisco CWE-79 | 3.5

2015-04-23 CVE-2015-0706 HTTP Open Redirection vulnerability in Cisco Firesight System Software 5.3.1.1/5.3.1.2/6.0.0
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966.
network | cisco | 5.8

2015-04-22 CVE-2015-0705 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Meetingplace 8.6(1.9)
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.
network | cisco CWE-352 | 6.8