Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-14 CVE-2016-9204 Credentials Management vulnerability in Cisco Nexus 1000V Intercloud Firmware 2.2(1)
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account.
network, low complexity, cisco, CWE-255, risk 6.4

2016-12-14 CVE-2016-9203 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Series Software 20.0.2.3.65026
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process.
network, low complexity, cisco, CWE-119, risk 5.0

2016-12-14 CVE-2016-9202 Cross-site Scripting vulnerability in Cisco Email Security Appliance
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.
network, cisco, CWE-79, risk 4.3

2016-12-14 CVE-2016-9201 Improper Input Validation vulnerability in Cisco IOS 15.3(3)M3
A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration.
network, low complexity, cisco, CWE-20, risk 5.0

2016-12-14 CVE-2016-9200 Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface.
network, cisco, CWE-79, risk 4.3

2016-12-14 CVE-2016-9199 Path Traversal vulnerability in Cisco IOX 1.1.0
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system.
network, low complexity, cisco, CWE-22, risk 6.8

2016-12-14 CVE-2016-9198 Resource Management Errors vulnerability in Cisco Identity Services Engine 1.2(1.199)
A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.
network, low complexity, cisco, CWE-399, risk 5.0

2016-12-14 CVE-2016-9193 Improper Input Validation vulnerability in Cisco products
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
network, low complexity, cisco, CWE-20, risk 5.0

2016-12-14 CVE-2016-6474 Improper Authentication vulnerability in Cisco IOS 15.5(2.25)T
A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system.
network, cisco, CWE-287, risk 5.8

2016-12-14 CVE-2016-6473 Injection vulnerability in Cisco IOS
A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm.
low complexity, cisco, CWE-74, risk 6.1