Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2011-05-03 CVE-2011-1604 Resource Management Errors vulnerability in Cisco Unified Communications Manager
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.
network
cisco CWE-399
7.1
2011-02-25 CVE-2011-0392 Improper Authentication vulnerability in Cisco products
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
network
low complexity
cisco CWE-287
7.5
2011-02-25 CVE-2011-0391 Resource Management Errors vulnerability in Cisco products
Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205.
network
low complexity
cisco CWE-399
7.8
2011-02-25 CVE-2011-0390 Resource Management Errors vulnerability in Cisco products
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.
network
low complexity
cisco CWE-399
7.8
2011-02-25 CVE-2011-0389 Resource Management Errors vulnerability in Cisco products
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993.
network
low complexity
cisco CWE-399
7.8
2011-02-25 CVE-2011-0388 Resource Management Errors vulnerability in Cisco products
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
network
low complexity
cisco CWE-399
7.8
2011-02-25 CVE-2011-0387 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.
network
low complexity
cisco CWE-264
8.0
2011-02-25 CVE-2011-0380 Improper Authentication vulnerability in Cisco Telepresence Manager
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.
network
low complexity
cisco CWE-287
7.5
2011-02-25 CVE-2011-0379 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.
7.9
2011-02-25 CVE-2011-0378 OS Command Injection vulnerability in Cisco products
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
low complexity
cisco CWE-78
8.3