Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2014-01-16 CVE-2014-0650 Improper Input Validation vulnerability in Cisco Secure Access Control System
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.
network | low complexity | cisco | CWE-20 | critical | 10.0
2014-01-16 CVE-2014-0649 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
network | low complexity | cisco | CWE-264 | critical | 9.0
2014-01-16 CVE-2014-0648 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
network | low complexity | cisco | CWE-264 | critical | 10.0
2014-01-16 CVE-2013-6687 Credentials Management vulnerability in Cisco Webex Meetings Server
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.
network | low complexity | cisco | CWE-255 | 4.0
2014-01-16 CVE-2013-2139 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
network | high complexity | fedoraproject opensuse cisco | CWE-119 | 2.6
2014-01-15 CVE-2014-0665 Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
network | low complexity | cisco | CWE-264 | 4.0
2014-01-12 CVE-2014-0659 OS Command Injection vulnerability in Cisco products
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
network | low complexity | cisco | CWE-78 | critical | 10.0
2014-01-10 CVE-2014-0664 Resource Management Errors vulnerability in Cisco Unity Connection
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.
network | low complexity | cisco | CWE-399 | 6.8
2014-01-10 CVE-2014-0663 Cross-Site Scripting vulnerability in Cisco Secure Access Control System
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.
network | cisco | CWE-79 | 4.3
2014-01-10 CVE-2014-0658 Improper Input Validation vulnerability in Cisco products
Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.
network | high complexity | cisco | CWE-20 | 5.4