Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-14 CVE-2016-6473 Injection vulnerability in Cisco IOS
A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.
low complexity
cisco CWE-74
6.5
2016-12-14 CVE-2016-6471 Information Exposure vulnerability in Cisco FireSIGHT System Software 5.4.1.6
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password.
network
low complexity
cisco CWE-200
6.5
2016-12-14 CVE-2016-6465 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.
network
low complexity
cisco CWE-20
4.3
2016-12-14 CVE-2016-1411 Cryptographic Issues vulnerability in Cisco products
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server.
network
high complexity
cisco CWE-310
5.9
2016-11-19 CVE-2016-6472 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2)
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system.
network
low complexity
cisco CWE-79
6.1
2016-11-19 CVE-2016-6463 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/9.7.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
2016-11-19 CVE-2016-6462 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/10.0.0125/9.7.106
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device.
network
low complexity
cisco CWE-20
5.3
2016-11-19 CVE-2016-6461 Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system.
network
high complexity
cisco CWE-20
5.9
2016-11-19 CVE-2016-6459 OS Command Injection vulnerability in Cisco TelePresence TC Software
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to perform a local shell command injection.
local
low complexity
cisco CWE-78
5.5
2016-11-19 CVE-2016-6457 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.
low complexity
cisco CWE-119
6.5