Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-22 | CVE-2014-0720 | Improper Input Validation vulnerability in Cisco IPS Sensor Software Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. | 7.1 |
| 2014-02-22 | CVE-2014-0719 | Permissions, Privileges, and Access Controls vulnerability in Cisco IPS Sensor Software The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. | 7.8 |
| 2014-02-22 | CVE-2014-0718 | Improper Input Validation vulnerability in Cisco IPS Sensor Software The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266. | 7.1 |
| 2014-02-22 | CVE-2014-0710 | Race Condition vulnerability in Cisco Firewall Services Module Software Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824. | 7.1 |
| 2014-02-22 | CVE-2014-0709 | Credentials Management vulnerability in Cisco UCS Director Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | 9.3 |
| 2014-02-20 | CVE-2014-0733 | Improper Authentication vulnerability in Cisco Unified Communications Manager The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | 5.0 |
| 2014-02-20 | CVE-2014-0736 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | 6.8 |
| 2014-02-20 | CVE-2014-0735 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | 4.3 |
| 2014-02-20 | CVE-2014-0734 | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | 7.5 |
| 2014-02-20 | CVE-2014-0732 | Improper Authentication vulnerability in Cisco Unified Communications Manager The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | 5.0 |