Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-02-19 CVE-2015-0626 Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution
The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114.
network
cisco CWE-20
4.3
2015-02-19 CVE-2015-0623 Cross-site Scripting vulnerability in Cisco Web Security Appliance
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.
network
cisco CWE-79
4.3
2015-02-19 CVE-2015-0622 Improper Input Validation vulnerability in Cisco Wireless LAN Controller
The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861.
network
cisco CWE-20
7.1
2015-02-18 CVE-2015-0621 Data Processing Errors vulnerability in Cisco TelePresence MCU 4500 Series Software 4.5(1.45)
Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347.
network
low complexity
cisco CWE-19
7.8
2015-02-18 CVE-2015-0620 Improper Input Validation vulnerability in Cisco TelePresence Management Suite
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.
network
low complexity
cisco CWE-20
4.0
2015-02-18 CVE-2015-0617 Resource Management Errors vulnerability in Cisco ASR 5000 Series Software
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393.
network
low complexity
cisco CWE-399
5.0
2015-02-17 CVE-2014-8023 Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.
network
low complexity
cisco CWE-264
4.0
2015-02-16 CVE-2015-0609 Race Condition vulnerability in Cisco IOS
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.
network
cisco CWE-362
7.1
2015-02-13 CVE-2015-0593 Resource Management Errors vulnerability in Cisco IOS 15.4(1.12)T/15.4(1.19)T
The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.
network
cisco CWE-399
7.1
2015-02-12 CVE-2015-0611 Permissions, Privileges, and Access Controls vulnerability in Cisco TelePresence System Software IX 8.0.0/8.0.1
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
network
low complexity
cisco CWE-264
6.5