Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-9210 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. | 5.0 |
| 2016-12-14 | CVE-2016-9209 | 7PK - Security Features vulnerability in Cisco Firepower Services for Adaptive Security Appliance A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. | 4.3 |
| 2016-12-14 | CVE-2016-9208 | Path Traversal vulnerability in Cisco Emergency Responder 11.5(2.10000.5) A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. | 4.0 |
| 2016-12-14 | CVE-2016-9207 | Improper Input Validation vulnerability in Cisco Expressway X8.7.2/X8.8.3 A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. | 6.4 |
| 2016-12-14 | CVE-2016-9206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6) A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 4.3 |
| 2016-12-14 | CVE-2016-9205 | Resource Management Errors vulnerability in Cisco IOS XR 6.1.1 A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. | 5.0 |
| 2016-12-14 | CVE-2016-9204 | Credentials Management vulnerability in Cisco Nexus 1000V Intercloud Firmware 2.2(1) A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. | 6.4 |
| 2016-12-14 | CVE-2016-9203 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software 20.0.2.3.65026 A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. | 5.0 |
| 2016-12-14 | CVE-2016-9202 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. | 4.3 |
| 2016-12-14 | CVE-2016-9201 | Improper Input Validation vulnerability in Cisco IOS 15.3(3)M3 A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. | 5.0 |