Vulnerabilities > Cisco

DATE | CVE | VULNERABILITY TITLE | RISK

2010-06-29 | CVE-2009-4912 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580 | critical 10.0
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
network, low complexity, cisco CWE-264

2010-06-29 | CVE-2009-4911 | Unspecified vulnerability in Cisco ASA 5580 8.1(1) | 7.8
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958.
network, low complexity, cisco

2010-06-29 | CVE-2009-4910 | Cross-Site Scripting vulnerability in Cisco ASA 5580 | 4.3
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
network, cisco CWE-79

2010-06-29 | CVE-2008-7257 | Improper Input Validation vulnerability in Cisco ASA 5580 8.1(1) | 4.3
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
network, cisco CWE-20

2010-06-28 | CVE-2010-2506 | Cross-Site Scripting vulnerability in Cisco Linksys Firmware and Linksys Wap54G | 2.9
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.

2010-06-10 | CVE-2010-1572 | Remote Privilege Escalation vulnerability in Cisco Application Extension Framework 1.1/1.1.5 | critical 9.0
Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.
network, low complexity, cisco

2010-06-10 | CVE-2010-1571 | Path Traversal vulnerability in Cisco products | 7.8
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
network, low complexity, cisco CWE-22

2010-06-10 | CVE-2010-1570 | Denial of Service vulnerability in Cisco products | 7.8
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.
network, low complexity, cisco

2010-05-27 | CVE-2010-0600 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8 | critical 10.0
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
network, low complexity, cisco CWE-264

2010-05-27 | CVE-2010-0599 | Credentials Management vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8 | critical 9.3
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
network, cisco CWE-255