Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-08-30 CVE-2013-3474 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.
Risk: network, cisco CWE-119, 6.3

2013-08-30 CVE-2013-3470 Improper Input Validation vulnerability in Cisco IOS XR
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
Risk: network, low complexity, cisco CWE-20, 5.0

2013-08-30 CVE-2013-3467 Resource Management Errors vulnerability in Cisco products
Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103.
Risk: local, low complexity, cisco CWE-399, 4.6

2013-08-30 CVE-2012-5744 Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
Risk: network, cisco CWE-79, 4.3

2013-08-29 CVE-2013-3472 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Risk: network, cisco CWE-352, 6.8

2013-08-29 CVE-2013-3471 Credentials Management vulnerability in Cisco Identity Services Engine Software
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
Risk: network, cisco CWE-255, 4.3

2013-08-29 CVE-2013-3468 Improper Input Validation vulnerability in Cisco Unified IP Phone 8945 and Unified IP Phone Firmware
The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.
Risk: network, low complexity, cisco CWE-20, 7.8

2013-08-29 CVE-2013-3466 Improper Authentication vulnerability in Cisco Secure Access Control Server
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Risk: network, cisco CWE-287, critical, 9.3

2013-08-25 CVE-2013-3462 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Unified Communications Manager
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
Risk: network, cisco CWE-119, 8.5

2013-08-25 CVE-2013-3461 Resource Management Errors vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
Risk: network, cisco CWE-399, 7.1