Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-26 | CVE-2016-1297 | OS Command Injection vulnerability in Cisco Application Control Engine Software The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | 8.8 |
| 2016-02-19 | CVE-2016-1335 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. | 7.5 |
| 2016-02-12 | CVE-2016-1322 | Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | 7.5 |
| 2016-02-12 | CVE-2016-1315 | Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. | 7.5 |
| 2016-02-07 | CVE-2016-1302 | Improper Access Control vulnerability in multiple products Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | 8.8 |
| 2016-02-07 | CVE-2016-1301 | Improper Access Control vulnerability in Cisco products The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | 8.8 |
| 2016-01-30 | CVE-2016-1303 | Improper Input Validation vulnerability in Cisco 500 Series Switch Firmware 1.2.0.92 The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | 7.5 |
| 2016-01-27 | CVE-2015-6421 | Resource Management Errors vulnerability in Cisco Wide Area Application Services cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. | 7.5 |
| 2016-01-20 | CVE-2016-1296 | 7PK - Security Features vulnerability in Cisco web Security Appliance 8.5.3055/9.1.0000/9.5.0235 The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | 7.5 |
| 2016-01-15 | CVE-2015-6336 | Credentials Management vulnerability in Cisco Aironet Access Point Software Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | 7.3 |