Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-10-10 CVE-2013-5526 Improper Input Validation vulnerability in Cisco Unified IP Phone 9951 and Unified IP Phone 9971
Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698.
network
cisco CWE-20
7.1
2013-10-10 CVE-2013-5525 SQL Injection vulnerability in Cisco Identity Services Engine Software
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
network
low complexity
cisco CWE-89
6.5
2013-10-10 CVE-2013-5524 Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
network
cisco CWE-79
4.3
2013-10-10 CVE-2013-5523 Improper Input Validation vulnerability in Cisco Identity Services Engine Software
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
network
cisco CWE-20
4.3
2013-10-10 CVE-2013-5499 Remote Denial of Service vulnerability in Cisco IOS
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
5.7
2013-10-10 CVE-2013-3409 Credentials Management vulnerability in Cisco Prime Central for Hosted Collaboration Solution
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.
local
low complexity
cisco CWE-255
4.3
2013-10-05 CVE-2012-4141 Permissions, Privileges, and Access Controls vulnerability in Cisco NX-OS
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
local
low complexity
cisco CWE-264
6.2
2013-10-05 CVE-2012-4122 Improper Input Validation vulnerability in Cisco NX-OS
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.
local
low complexity
cisco CWE-20
6.2
2013-10-05 CVE-2012-4098 Improper Input Validation vulnerability in Cisco NX-OS
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
network
low complexity
cisco CWE-20
5.0
2013-10-05 CVE-2012-4091 Improper Input Validation vulnerability in Cisco NX-OS
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
network
low complexity
cisco CWE-20
5.0