Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-09 | CVE-2016-1327 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. | 9.8 |
| 2016-02-24 | CVE-2016-1341 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os 7.0(1)N1(1)/7.0(1)N1(3)/7.0(4)N1(1) Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. | 9.8 |
| 2016-02-11 | CVE-2016-1287 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019. | 9.8 |
| 2016-01-27 | CVE-2015-6319 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. | 9.8 |
| 2016-01-22 | CVE-2015-6435 | OS Command Injection vulnerability in Cisco products An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | 9.8 |
| 2016-01-22 | CVE-2015-6412 | Credentials Management vulnerability in Cisco Modular Encoding Platform D9036 Software Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | 9.8 |
| 2016-01-15 | CVE-2015-6323 | Unspecified vulnerability in Cisco Identity Services Engine Software The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. | 9.8 |
| 2016-01-15 | CVE-2015-6314 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. | 9.8 |