Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-07-11 CVE-2013-3418 Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922.
network
low complexity
cisco CWE-399
6.8
6.8
2013-07-10 CVE-2013-3416 Cross-Site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
network
cisco CWE-79
4.3
4.3
2013-07-10 CVE-2013-3408 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764.
local
low complexity
cisco CWE-264
6.8
6.8
2013-07-10 CVE-2013-1132 Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261.
network
cisco CWE-79
4.3
4.3
2013-07-10 CVE-2013-3405 Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence TC Software
The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071.
network
cisco CWE-264
4.3
4.3
2013-07-10 CVE-2013-3400 Improper Input Validation vulnerability in Cisco Nexus 1000V and Nx-Os
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
local
low complexity
cisco CWE-20
6.8
6.8
2013-07-04 CVE-2013-3413 Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
network
cisco CWE-79
4.3
4.3
2013-07-02 CVE-2013-3401 Security Bypass vulnerability in Cisco TelePresence TC Software
The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080.
network
cisco
4.3
4.3
2013-07-02 CVE-2013-3399 Buffer Errors vulnerability in Cisco Desktop Collaboration Experience Dx650
Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka Bug IDs CSCuf93957, CSCug22352, and CSCug22462.
local
cisco CWE-119
6.6
6.6
2013-07-02 CVE-2013-3395 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
network
cisco CWE-352
6.8
6.8