Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-18 | CVE-2016-6402 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | 7.8 |
| 2016-09-17 | CVE-2016-1482 | OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0 Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | 8.1 |
| 2016-09-17 | CVE-2016-6407 | Resource Management Errors vulnerability in Cisco web Security Appliance Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219. | 7.5 |
| 2016-09-12 | CVE-2016-6399 | Improper Input Validation vulnerability in Cisco products Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | 7.5 |
| 2016-09-12 | CVE-2016-6371 | Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | 7.5 |
| 2016-09-12 | CVE-2016-1469 | Resource Management Errors vulnerability in Cisco Spa300 Firmware and Spa500 Firmware The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | 7.5 |
| 2016-09-03 | CVE-2016-6377 | Improper Authentication vulnerability in Cisco Media Origination System Suite Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | 8.1 |
| 2016-09-03 | CVE-2016-1464 | Improper Input Validation vulnerability in Cisco Webex WRF Player T29 Sp10Base Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | 7.8 |
| 2016-09-02 | CVE-2016-1472 | Improper Input Validation vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | 7.5 |
| 2016-09-02 | CVE-2016-1470 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | 8.8 |