Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-02 CVE-2016-1408 Improper Input Validation vulnerability in Cisco products
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
network
low complexity
cisco CWE-20
8.8
2016-06-23 CVE-2016-1438 7PK - Security Features vulnerability in Cisco AsyncOS 9.7.0125
Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
network
low complexity
cisco CWE-254
7.5
2016-06-23 CVE-2016-1436 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
network
low complexity
cisco CWE-119
7.5
2016-06-23 CVE-2016-1435 Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
local
high complexity
cisco CWE-264
7.0
2016-06-23 CVE-2015-6289 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
network
low complexity
cisco CWE-399
7.5
2016-06-18 CVE-2016-1427 Information Exposure vulnerability in Cisco Prime Network Registrar
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
network
low complexity
cisco CWE-200
7.5
2016-06-10 CVE-2016-1421 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
7.5
2016-06-10 CVE-2016-1420 Unspecified vulnerability in Cisco products
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
local
low complexity
cisco
7.8
2016-06-10 CVE-2016-1419 Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(102.43)
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
low complexity
cisco CWE-20
8.1
2016-06-08 CVE-2016-1418 Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.2(100.0)
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.
local
low complexity
cisco CWE-20
7.8