Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2010-05-27 CVE-2010-0597 Remote Privilege Escalation vulnerability in Cisco Network Building Mediator
Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618.
network | low complexity | cisco | critical | 9.0

2010-05-27 CVE-2010-0596 Remote Privilege Escalation vulnerability in Cisco Network Building Mediator
Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607.
network | low complexity | cisco | critical | 9.0

2010-05-27 CVE-2010-0595 Credentials Management vulnerability in Cisco Mediator Framework 1.5.1/2.2/3.0.8
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495.
network | low complexity | cisco CWE-255 | critical | 10.0

2010-05-26 CVE-2010-2082 Credentials Management vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.
network | low complexity | cisco CWE-255 | 5.0

2010-05-26 CVE-2010-2026 Improper Authentication vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.
network | low complexity | cisco CWE-287 | 6.4

2010-05-26 CVE-2010-2025 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
network | cisco CWE-352 | 6.8

2010-05-14 CVE-2010-1568 Cryptographic Issues vulnerability in Cisco Ironport Desktop Flag Plugin for Outlook 6.2.4.3
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623.
network | low complexity | cisco CWE-310 | 5.0

2010-05-14 CVE-2010-1567 Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.6(1)/9.7(3)
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
network | low complexity | cisco CWE-20 | 7.8

2010-05-14 CVE-2010-1565 Resource Management Errors vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S
Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561.
network | low complexity | cisco CWE-399 | 7.8

2010-05-14 CVE-2010-1563 Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)P/9.7(3)S
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.
network | low complexity | cisco CWE-20 | 7.8