Vulnerabilities > Cisco

DATE | CVE | VULNERABILITY TITLE | RISK

2014-07-09 | CVE-2014-3312 | Improper Authentication vulnerability in Cisco products | local, cisco CWE-287, 6.9
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

2014-07-09 | CVE-2014-3309 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE | network, low complexity, cisco CWE-264, 5.0
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

2014-07-07 | CVE-2014-3308 | Improper Input Validation vulnerability in Cisco products | network, low complexity, cisco CWE-20, 6.4
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.

2014-07-07 | CVE-2014-3300 | Permissions, Privileges, and Access Controls vulnerability in Cisco products | network, low complexity, cisco CWE-264, 7.5
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.

2014-07-07 | CVE-2014-2198 | Credentials Management vulnerability in Cisco products | network, low complexity, cisco CWE-255, critical, 10.0
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.

2014-07-07 | CVE-2014-2197 | Permissions, Privileges, and Access Controls vulnerability in Cisco products | network, low complexity, cisco CWE-264, critical, 9.0
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.

2014-07-02 | CVE-2014-3307 | Remote Arbitrary Command Execution vulnerability in Cisco Small Cell DHCP Message Processing | high complexity, cisco, 6.8
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.

2014-07-02 | CVE-2014-3298 | Credentials Management vulnerability in Cisco Cloud Portal | network, low complexity, cisco CWE-255, 4.0
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.

2014-07-02 | CVE-2014-3297 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal | network, low complexity, cisco CWE-264, 4.0
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.

2014-06-25 | CVE-2014-3299 | Improper Input Validation vulnerability in Cisco IOS | network, low complexity, cisco CWE-20, 6.8
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.