DATE CVE VULNERABILITY TITLE RISK
2013-07-23 CVE-2013-3435 Resource Management Errors vulnerability in Cisco products
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.
network
low complexity
cisco CWE-399
5.0
2013-07-19 CVE-2013-3436 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
network
low complexity
cisco CWE-264
5.0
2013-07-18 CVE-2013-3426 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
network
low complexity
cisco CWE-264
5.0
2013-07-18 CVE-2013-3420 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
network
cisco CWE-352
6.8
2013-07-18 CVE-2013-3434 Local Privilege Escalation vulnerability in Cisco Unified Communications Manager
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
local
low complexity
cisco
6.8
2013-07-18 CVE-2013-3433 Local Privilege Escalation vulnerability in Cisco Unified Communications Manager
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
local
low complexity
cisco
6.8
2013-07-18 CVE-2013-3412 SQL Injection vulnerability in Cisco Unified Communications Manager
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
network
low complexity
cisco CWE-89
6.5
2013-07-18 CVE-2013-3411 Denial of Service vulnerability in Cisco IPS Software
The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460.
network
low complexity
cisco
7.8
2013-07-18 CVE-2013-3410 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Intrusion Prevention System and IPS NME
Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977.
network
low complexity
cisco CWE-119
7.8
2013-07-18 CVE-2013-3404 SQL Injection vulnerability in Cisco Unified Communications Manager
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
network
low complexity
cisco CWE-89
7.5