Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-19 CVE-2016-1397 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
network
low complexity
cisco CWE-119
6.5
6.5
2016-06-19 CVE-2016-1396 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
network
low complexity
cisco CWE-79
6.1
6.1
2016-06-18 CVE-2016-1432 Resource Management Errors vulnerability in Cisco IOS XE 3.15.0S/3.15.1S/3.16.0S
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.
network
low complexity
cisco CWE-399
6.5
6.5
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
low complexity
cisco CWE-79
6.1
6.1
2016-06-03 CVE-2016-1370 Improper Input Validation vulnerability in Cisco Network Analysis Module Software 4.0.0/4.1.0
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.
network
low complexity
cisco CWE-20
5.3
5.3
2016-05-28 CVE-2016-1413 Code Injection vulnerability in Cisco Secure Firewall Management Center
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
network
low complexity
cisco CWE-94
6.5
6.5
2016-05-28 CVE-2016-1379 Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.
network
low complexity
cisco CWE-399
6.5
6.5
2016-05-26 CVE-2016-1385 Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.
network
low complexity
cisco CWE-399
6.5
6.5
2016-05-21 CVE-2016-1401 Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.4(1A)
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.
network
low complexity
cisco CWE-79
6.1
6.1
2016-04-14 CVE-2016-1378 Information Exposure vulnerability in Cisco IOS
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.
network
low complexity
cisco CWE-200
5.3
5.3