Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-06 CVE-2016-6427 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
network
cisco CWE-352
6.8
6.8
2016-10-06 CVE-2016-6425 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
network
cisco CWE-79
4.3
4.3
2016-10-06 CVE-2016-6424 Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software 8.4.7.29/9.1(7)4
The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.
low complexity
cisco CWE-399
6.5
6.5
2016-10-06 CVE-2016-6422 Improper Input Validation vulnerability in Cisco IOS 12.2(33)Sxj9
Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806.
network
cisco CWE-20
4.3
4.3
2016-10-05 CVE-2016-6426 Improper Input Validation vulnerability in Cisco products
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.
network
cisco CWE-20
4.3
4.3
2016-10-05 CVE-2016-6423 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M
The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.
network
cisco CWE-399
6.3
6.3
2016-10-05 CVE-2016-6421 Resource Management Errors vulnerability in Cisco IOS XR 5.2.2
Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.
network
low complexity
cisco CWE-399
5.0
5.0
2016-10-05 CVE-2016-1455 Information Exposure vulnerability in Cisco Nx-Os
Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.
network
low complexity
cisco CWE-200
5.0
5.0
2016-10-05 CVE-2016-6418 Cross-site Scripting vulnerability in Cisco Videoscape Distribution Suite Service Manager
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.
network
cisco CWE-79
4.3
4.3
2016-10-05 CVE-2016-6417 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firesight System Software
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636.
network
cisco CWE-352
6.8
6.8