Vulnerabilities > Cisco

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2013-10-25 | CVE-2013-5531 | Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.0/1.1 | Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. | network, low complexity, cisco, CWE-287 | 5.0 |
| 2013-10-25 | CVE-2013-5530 | OS Command Injection vulnerability in Cisco Identity Services Engine Software | The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. | network, low complexity, cisco, CWE-78 | critical 9.0 |
| 2013-10-25 | CVE-2013-5522 | Permissions, Privileges, and Access Controls vulnerability in Cisco Catalyst 3750-X and IOS | Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | local, low complexity, cisco, CWE-264 | 6.8 |
| 2013-10-25 | CVE-2013-5521 | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software | Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | network, low complexity, cisco, CWE-264 | 5.0 |
| 2013-10-24 | CVE-2013-5537 | Improper Input Validation vulnerability in Cisco products | The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. | network, low complexity, cisco, CWE-20 | 7.8 |
| 2013-10-24 | CVE-2013-5536 | Improper Input Validation vulnerability in Cisco Secure Access Control System | Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | network, low complexity, cisco, CWE-20 | 5.0 |
| 2013-10-22 | CVE-2013-5550 | Improper Input Validation vulnerability in Cisco Unified Computing System | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | local, low complexity, cisco, CWE-20 | 4.6 |
| 2013-10-21 | CVE-2012-4115 | Cryptographic Issues vulnerability in Cisco Unified Computing System | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. | network, cisco, CWE-310 | 5.8 |
| 2013-10-19 | CVE-2013-5534 | Path Traversal vulnerability in Cisco Unity Connection | Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | network, low complexity, cisco, CWE-22 | 4.0 |
| 2013-10-19 | CVE-2012-4117 | Improper Input Validation vulnerability in Cisco Unified Computing System | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | network, cisco, CWE-20 | 5.8 |