Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-12-02 CVE-2013-6695 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
network
low complexity
cisco CWE-264
4.0

2013-11-29 CVE-2013-6706 Improper Input Validation vulnerability in Cisco IOS XE
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.
network
high complexity
cisco CWE-20
5.4

2013-11-29 CVE-2013-6700 Improper Input Validation vulnerability in Cisco IOS XR
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
network
low complexity
cisco CWE-20
5.0

2013-11-27 CVE-2013-3394 Cross-Site Scripting vulnerability in Cisco Prime Network Registrar
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429.
network
cisco CWE-79
4.3

2013-11-22 CVE-2013-6699 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Wireless LAN Controller
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.
network
low complexity
cisco CWE-119
5.0

2013-11-22 CVE-2013-6698 Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
network
cisco CWE-264
4.3

2013-11-22 CVE-2013-6694 Improper Input Validation vulnerability in Cisco IOS
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.
network
cisco CWE-20
4.3

2013-11-22 CVE-2013-6693 Buffer Errors vulnerability in Cisco IOS
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.
network
high complexity
cisco CWE-119
5.4

2013-11-22 CVE-2013-6692 Resource Management Errors vulnerability in Cisco IOS XE
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
network
cisco CWE-399
6.3

2013-11-18 CVE-2013-6689 Improper Input Validation vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
local
cisco CWE-20
6.9