Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-07-18 CVE-2013-3403 Unspecified vulnerability in Cisco Unified Communications Manager
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
local
low complexity
cisco
6.8
2013-07-18 CVE-2013-3402 Code Injection vulnerability in Cisco Unified Communications Manager
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
network
low complexity
cisco CWE-94
6.5
2013-07-18 CVE-2013-1243 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco products
The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596.
network
low complexity
cisco CWE-119
7.8
2013-07-18 CVE-2013-1218 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco products
Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272.
network
low complexity
cisco CWE-119
7.8
2013-07-15 CVE-2013-3428 Information Exposure vulnerability in Cisco Secure Access Control System
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
network
low complexity
cisco CWE-200
4.0
2013-07-12 CVE-2013-3424 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control System
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177.
network
cisco CWE-352
6.8
2013-07-12 CVE-2013-3423 Cross-Site Scripting vulnerability in Cisco Secure Access Control System
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.
network
cisco CWE-79
4.3
2013-07-12 CVE-2013-3422 Cross-Site Scripting vulnerability in Cisco Secure Access Control System
Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.
network
cisco CWE-79
4.3
2013-07-12 CVE-2013-3421 Cross-Site Scripting vulnerability in Cisco Secure Access Control System
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.
network
cisco CWE-79
4.3
2013-07-11 CVE-2013-3419 Cross-Site Scripting vulnerability in Cisco Unified MeetingPlace Web Conferencing
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.
network
cisco CWE-79
4.3