Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-09-23 CVE-2013-5486 OS Command Injection vulnerability in Cisco Prime Data Center Network Manager
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036.
network
low complexity
cisco CWE-78
critical
10.0
2013-09-20 CVE-2013-3473 Improper Authentication vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
network
low complexity
cisco CWE-287
7.8
2013-09-20 CVE-2012-4082 Improper Input Validation vulnerability in Cisco Unified Computing System
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.
local
low complexity
cisco CWE-20
6.8
2013-09-20 CVE-2012-4081 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.
local
low complexity
cisco CWE-119
4.6
2013-09-20 CVE-2013-5501 Cross-Site Scripting vulnerability in Cisco MediaSense
Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.
network
cisco CWE-79
4.3
2013-09-20 CVE-2013-5500 Cross-Site Scripting vulnerability in Cisco MediaSense
Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.
network
cisco CWE-79
4.3
2013-09-20 CVE-2013-1130 Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
local
low complexity
cisco apple CWE-264
6.8
2013-09-20 CVE-2012-4093 Improper Input Validation vulnerability in Cisco Unified Computing System
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.
local
low complexity
cisco CWE-20
4.6
2013-09-20 CVE-2012-4083 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751.
network
low complexity
cisco CWE-119
4.0
2013-09-20 CVE-2012-4074 Credentials Management vulnerability in Cisco Unified Computing System
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
network
cisco CWE-255
5.8