Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-6465 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. | 4.3 |
| 2016-12-14 | CVE-2016-6464 | Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. | 5.0 |
| 2016-12-14 | CVE-2016-6449 | Permissions, Privileges, and Access Controls vulnerability in Cisco Fireamp Connector Endpoint Software 4.4.0/4.4.2.10200 A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. | 4.6 |
| 2016-12-14 | CVE-2016-1411 | Cryptographic Issues vulnerability in Cisco products A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. | 4.3 |
| 2016-11-19 | CVE-2016-6472 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2) A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. | 4.3 |
| 2016-11-19 | CVE-2016-6466 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 5.0 |
| 2016-11-19 | CVE-2016-6463 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/9.7.0125/9.7.106 A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. | 5.0 |
| 2016-11-19 | CVE-2016-6462 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.0082/10.0.0125/9.7.106 A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. | 5.0 |
| 2016-11-19 | CVE-2016-6461 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. | 5.9 |
| 2016-11-19 | CVE-2016-6460 | 7PK - Security Features vulnerability in Cisco Firesight System Software A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. | 5.0 |