Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-26 | CVE-2016-9217 | Improper Authorization vulnerability in Cisco Intercloud Fabric 2.2.1Base/2.3.1Base/3.1.1Base A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. | 6.5 |
| 2016-12-14 | CVE-2016-9214 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.0(1.130) Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
| 2016-12-14 | CVE-2016-9212 | Improper Input Validation vulnerability in Cisco web Security Appliance 9.0.1162/9.1.1074 A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. | 5.0 |
| 2016-12-14 | CVE-2016-9211 | Improper Input Validation vulnerability in Cisco ONS 15454 SDH Multiservice Platform Software 10.51.0 A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. | 5.0 |
| 2016-12-14 | CVE-2016-9210 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. | 5.0 |
| 2016-12-14 | CVE-2016-9209 | 7PK - Security Features vulnerability in Cisco Firepower Services for Adaptive Security Appliance A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. | 4.3 |
| 2016-12-14 | CVE-2016-9208 | Path Traversal vulnerability in Cisco Emergency Responder 11.5(2.10000.5) A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. | 4.0 |
| 2016-12-14 | CVE-2016-9207 | Improper Input Validation vulnerability in Cisco Expressway X8.7.2/X8.8.3 A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. | 6.4 |
| 2016-12-14 | CVE-2016-9206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6) A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 4.3 |
| 2016-12-14 | CVE-2016-9205 | Resource Management Errors vulnerability in Cisco IOS XR 6.1.1 A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. | 5.0 |