Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-27 | CVE-2016-6445 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. | 6.4 |
| 2016-10-27 | CVE-2016-6444 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. | 6.8 |
| 2016-10-27 | CVE-2016-6443 | SQL Injection vulnerability in Cisco products A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. | 6.5 |
| 2016-10-27 | CVE-2016-6442 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 6.8 |
| 2016-10-27 | CVE-2016-6440 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4) The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. | 4.3 |
| 2016-10-27 | CVE-2016-6439 | Resource Management Errors vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 4.3 |
| 2016-10-27 | CVE-2016-6438 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. | 4.3 |
| 2016-10-06 | CVE-2016-6436 | Cross-site Scripting vulnerability in Cisco Hostscan Engine Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | 4.3 |
| 2016-10-06 | CVE-2016-6435 | Information Exposure vulnerability in Cisco Firepower Management Center 6.0.1 The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 4.0 |
| 2016-10-06 | CVE-2016-6434 | Improper Authentication vulnerability in Cisco Firepower Management Center 6.0.1 Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | 4.6 |