Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-06 CVE-2016-6424 Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software 8.4.7.29/9.1(7)4
The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.
low complexity
cisco CWE-399
6.5
2016-10-06 CVE-2016-1454 Improper Input Validation vulnerability in Cisco Nx-Os
Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417.
network
low complexity
cisco CWE-20
6.5
2016-10-05 CVE-2016-6423 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M
The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.
network
low complexity
cisco CWE-399
6.5
2016-10-05 CVE-2016-6421 Resource Management Errors vulnerability in Cisco IOS XR 5.2.2
Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.
network
low complexity
cisco CWE-399
5.3
2016-10-05 CVE-2016-6418 Cross-site Scripting vulnerability in Cisco Videoscape Distribution Suite Service Manager
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.
network
low complexity
cisco CWE-79
6.1
2016-10-05 CVE-2016-6416 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.
network
high complexity
cisco CWE-119
5.9
2016-10-05 CVE-2016-6420 Information Exposure vulnerability in Cisco Firesight System Software
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.
network
low complexity
cisco CWE-200
6.5
2016-09-24 CVE-2016-6412 Improper Input Validation vulnerability in Cisco IOS 15.6(1)T1
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.
network
low complexity
cisco CWE-20
6.5
2016-09-24 CVE-2016-6410 Improper Input Validation vulnerability in Cisco IOS 15.5(2)T
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.
network
low complexity
cisco CWE-20
6.5
2016-09-22 CVE-2014-2146 Improper Input Validation vulnerability in Cisco IOS XE
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
network
low complexity
cisco CWE-20
6.5