Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-09 | CVE-2016-1312 | Resource Management Errors vulnerability in Cisco ASA 5500 Csc-Ssm Firmware 6.6.1125.0 The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. | 7.5 |
| 2016-03-03 | CVE-2016-1359 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0 Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. | 8.8 |
| 2016-03-03 | CVE-2015-0718 | Resource Management Errors vulnerability in multiple products Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | 7.5 |
| 2016-02-26 | CVE-2016-1297 | OS Command Injection vulnerability in Cisco Application Control Engine Software The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | 8.8 |
| 2016-02-19 | CVE-2016-1335 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. | 7.5 |
| 2016-02-12 | CVE-2016-1322 | Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | 7.5 |
| 2016-02-12 | CVE-2016-1315 | Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. | 7.5 |
| 2016-02-07 | CVE-2016-1302 | Improper Access Control vulnerability in multiple products Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | 8.8 |
| 2016-02-07 | CVE-2016-1301 | Improper Access Control vulnerability in Cisco products The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | 8.8 |
| 2016-01-30 | CVE-2016-1303 | Improper Input Validation vulnerability in Cisco 500 Series Switch Firmware 1.2.0.92 The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | 7.5 |