Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-18 CVE-2016-6405 Improper Input Validation vulnerability in Cisco FOG Director 1.0(0)
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.
network
low complexity
cisco CWE-20
6.5
2016-09-18 CVE-2016-6404 Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.
network
low complexity
cisco CWE-79
6.1
2016-09-18 CVE-2016-6403 Resource Management Errors vulnerability in Cisco IOS
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCuy82904, CSCuy82909, and CSCuy82912.
network
high complexity
cisco CWE-399
5.9
2016-09-18 CVE-2016-1433 Resource Management Errors vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.
network
low complexity
cisco CWE-399
5.3
2016-09-17 CVE-2016-6401 Resource Management Errors vulnerability in Cisco Carrier Routing System 5.1.4/5.1Base
Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.
high complexity
cisco CWE-399
5.3
2016-09-12 CVE-2016-6398 Information Exposure vulnerability in Cisco IOS 15.5(3)M
The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.
network
low complexity
cisco CWE-200
5.3
2016-09-12 CVE-2016-6396 Improper Input Validation vulnerability in Cisco Firesight System Software
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
network
low complexity
cisco CWE-20
5.3
2016-09-12 CVE-2016-6395 Cross-site Scripting vulnerability in Cisco Firesight System Software
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658.
network
low complexity
cisco CWE-79
5.4
2016-09-12 CVE-2016-6370 Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
network
low complexity
cisco CWE-22
4.3
2016-09-12 CVE-2016-6375 Resource Management Errors vulnerability in Cisco products
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.
high complexity
cisco CWE-399
5.3