Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-17 CVE-2016-1334 Improper Input Validation vulnerability in Cisco Small Business Wireless Access Points Firmware 1.0.4.4
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
network
low complexity
cisco CWE-20
5.3
2016-02-17 CVE-2016-1333 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M/15.6(1)T0A
Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878.
network
low complexity
cisco CWE-399
6.5
2016-02-15 CVE-2016-1321 Information Exposure vulnerability in Cisco Universal Small Cell Firmware
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
network
low complexity
cisco CWE-200
5.8
2016-02-12 CVE-2016-1324 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
network
low complexity
cisco CWE-264
5.3
2016-02-12 CVE-2016-1323 Information Exposure vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
network
low complexity
cisco CWE-200
4.3
2016-02-12 CVE-2016-1320 OS Command Injection vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
local
low complexity
cisco CWE-78
6.7
2016-02-09 CVE-2016-1318 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
network
low complexity
cisco CWE-79
6.1
2016-02-09 CVE-2016-1316 Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
network
low complexity
cisco CWE-200
5.3
2016-02-07 CVE-2016-1309 Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5.1.5
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.
network
low complexity
cisco CWE-79
6.1
2016-02-07 CVE-2016-1305 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
network
low complexity
cisco CWE-79
6.1