Vulnerabilities > Cisco

DATE | CVE | VULNERABILITY TITLE | RISK

2015-02-07 | CVE-2015-0600 | Improper Input Validation vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2)
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139.
network | low complexity | cisco CWE-20 | 5.0

2015-02-07 | CVE-2015-0589 | Improper Input Validation vulnerability in Cisco WebEx Meetings Server 1.0/1.1/1.5
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.
network | low complexity | cisco CWE-20 | critical | 9.0

2015-02-07 | CVE-2015-0605 | Permissions, Privileges, and Access Controls vulnerability in Cisco AsyncOS
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343.
network | cisco CWE-264 | 4.3

2015-02-07 | CVE-2015-0604 | Improper Input Validation vulnerability in Cisco products
The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.
network | low complexity | cisco CWE-20 | 5.0

2015-02-07 | CVE-2015-0603 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2)
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474.
local | low complexity | cisco CWE-264 | 4.6

2015-02-07 | CVE-2015-0601 | Improper Input Validation vulnerability in Cisco products
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790.
local | low complexity | cisco CWE-20 | 4.6

2015-02-07 | CVE-2013-5557 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
network | cisco | 6.3

2015-02-03 | CVE-2015-0599 | 7PK - Security Features vulnerability in Cisco Unified Computing System
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.
network | cisco CWE-254 | 4.3

2015-02-03 | CVE-2014-8021 | Cross-site Scripting vulnerability in Cisco AnyConnect Secure Mobility Client and HostScan Engine
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
network | cisco CWE-79 | 4.3

2015-02-03 | CVE-2014-8013 | Improper Input Validation vulnerability in Cisco NX-OS
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.
local | low complexity | cisco CWE-20 | 4.9