Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-10-10 CVE-2013-5523 Improper Input Validation vulnerability in Cisco Identity Services Engine Software
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
network
cisco CWE-20
4.3
2013-10-10 CVE-2013-5499 Remote Denial of Service vulnerability in Cisco IOS
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
5.7
2013-10-10 CVE-2013-3409 Credentials Management vulnerability in Cisco Prime Central for Hosted Collaboration Solution
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.
local
low complexity
cisco CWE-255
4.3
2013-10-05 CVE-2012-4141 Permissions, Privileges, and Access Controls vulnerability in Cisco NX-OS
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
local
low complexity
cisco CWE-264
6.2
2013-10-05 CVE-2012-4122 Improper Input Validation vulnerability in Cisco NX-OS
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
local
low complexity
cisco CWE-20
6.2
2013-10-05 CVE-2012-4098 Improper Input Validation vulnerability in Cisco NX-OS
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
network
low complexity
cisco CWE-20
5.0
2013-10-05 CVE-2012-4091 Improper Input Validation vulnerability in Cisco NX-OS
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
network
low complexity
cisco CWE-20
5.0
2013-10-05 CVE-2012-4090 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
network
low complexity
cisco CWE-264
4.0
2013-10-05 CVE-2012-4084 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
network
cisco CWE-352
6.8
2013-10-05 CVE-2012-4075 OS Command Injection vulnerability in Cisco NX-OS
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
local
low complexity
cisco CWE-78
7.2