Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-6468 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 11.5(1.10000.4) A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2016-12-14 | CVE-2016-6467 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 20.0.0/21.0.0/21.0.M0.64702 A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. | 7.5 |
| 2016-12-14 | CVE-2016-6464 | Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. | 7.5 |
| 2016-12-14 | CVE-2016-6449 | Permissions, Privileges, and Access Controls vulnerability in Cisco Fireamp Connector Endpoint Software 4.4.0/4.4.2.10200 A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. | 7.8 |
| 2016-11-19 | CVE-2016-6466 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-11-19 | CVE-2016-6460 | 7PK - Security Features vulnerability in Cisco Firesight System Software A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. | 7.5 |
| 2016-11-19 | CVE-2016-6458 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. | 7.5 |
| 2016-11-03 | CVE-2016-6455 | Resource Management Errors vulnerability in Cisco ASR 5000 Software A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. | 7.5 |
| 2016-11-03 | CVE-2016-6453 | SQL Injection vulnerability in Cisco Identity Services Engine 1.3(0.876) A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. | 7.3 |
| 2016-11-03 | CVE-2016-6430 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. | 7.8 |