Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-20 | CVE-2012-4073 | Cryptographic Issues vulnerability in Cisco Unified Computing System The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | 5.8 |
| 2013-09-20 | CVE-2012-4072 | Improper Input Validation vulnerability in Cisco Unified Computing System The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | 4.3 |
| 2013-09-19 | CVE-2013-5497 | Improper Authentication vulnerability in Cisco Intrusion Prevention System The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | 4.3 |
| 2013-09-19 | CVE-2013-1121 | Resource Management Errors vulnerability in Cisco Nx-Os The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | 5.4 |
| 2013-09-16 | CVE-2013-5496 | Improper Input Validation vulnerability in Cisco Nx-Os Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. | 6.3 |
| 2013-09-16 | CVE-2013-5495 | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681. | 4.3 |
| 2013-09-16 | CVE-2013-5494 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674. | 6.8 |
| 2013-09-13 | CVE-2013-5493 | Improper Input Validation vulnerability in Cisco products The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407. | 6.8 |
| 2013-09-13 | CVE-2013-5492 | Cryptographic Issues vulnerability in Cisco Socialminer administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780. | 5.0 |
| 2013-09-13 | CVE-2013-5489 | Permissions, Privileges, and Access Controls vulnerability in Cisco Socialminer The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125. | 5.0 |