Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-26 CVE-2016-9224 Improper Input Validation vulnerability in Cisco Jabber Guest
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.
network
low complexity
cisco CWE-20
6.5
2016-12-14 CVE-2016-9214 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.0(1.130)
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
2016-12-14 CVE-2016-9209 7PK - Security Features vulnerability in Cisco Firepower Services for Adaptive Security Appliance
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.
network
low complexity
cisco CWE-254
4.3
2016-12-14 CVE-2016-9208 Path Traversal vulnerability in Cisco Emergency Responder 11.5(2.10000.5)
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device.
network
low complexity
cisco CWE-22
6.5
2016-12-14 CVE-2016-9207 7PK - Security Features vulnerability in Cisco Expressway X8.7.2/X8.8.3
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts.
network
low complexity
cisco CWE-254
6.5
2016-12-14 CVE-2016-9206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6)
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1
2016-12-14 CVE-2016-9204 Credentials Management vulnerability in Cisco Nexus 1000V Intercloud Firmware 2.2(1)
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.
network
low complexity
cisco CWE-255
6.5
2016-12-14 CVE-2016-9202 Cross-site Scripting vulnerability in Cisco Email Security Appliance
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.
network
low complexity
cisco CWE-79
6.1
2016-12-14 CVE-2016-9200 Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface.
network
low complexity
cisco CWE-79
6.1
2016-12-14 CVE-2016-9199 Path Traversal vulnerability in Cisco IOX 1.1.0
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.
network
low complexity
cisco CWE-22
6.5