Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-14 | CVE-2013-6709 | Information Exposure vulnerability in Cisco Webex Training Center The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. | 5.0 |
2013-12-10 | CVE-2013-7043 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic. | 8.3 |
2013-12-10 | CVE-2012-3047 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-10 | CVE-2013-6708 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal 9.4 Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | 5.0 |
2013-12-07 | CVE-2013-6707 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Adaptive Security Appliance Software Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. | 4.3 |
2013-12-04 | CVE-2013-6702 | Improper Input Validation vulnerability in Cisco ONS 15454 and ONS 15454 Firmware The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902. | 4.3 |
2013-12-03 | CVE-2013-6705 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | 6.1 |
2013-12-03 | CVE-2013-6704 | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. | 7.1 |
2013-12-03 | CVE-2013-6703 | Improper Input Validation vulnerability in Cisco ONS 15454 The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. | 7.1 |
2013-12-03 | CVE-2013-6690 | Cross-Site Scripting vulnerability in Cisco Prime Collaboration Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | 4.3 |