Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2016-1321 Information Exposure vulnerability in Cisco Universal Small Cell Firmware
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
network
low complexity
cisco CWE-200
5.0
5.0
2016-02-12 CVE-2016-1324 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
network
low complexity
cisco CWE-264
5.0
5.0
2016-02-12 CVE-2016-1323 Information Exposure vulnerability in Cisco Spark 201506Base
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
network
low complexity
cisco CWE-200
4.0
4.0
2016-02-12 CVE-2016-1322 Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
network
low complexity
cisco CWE-264
5.0
5.0
2016-02-12 CVE-2016-1320 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
local
low complexity
cisco CWE-264
6.8
6.8
2016-02-12 CVE-2016-1315 Improper Access Control vulnerability in Cisco Email Security Appliance Firmeware
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338.
network
low complexity
cisco CWE-284
5.0
5.0
2016-02-09 CVE-2016-1319 Information Exposure vulnerability in Cisco products
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
network
low complexity
cisco CWE-200
5.0
5.0
2016-02-09 CVE-2016-1318 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.
network
cisco CWE-79
4.3
4.3
2016-02-09 CVE-2016-1317 Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(0.98000.480)
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
network
low complexity
cisco CWE-200
4.0
4.0
2016-02-09 CVE-2016-1316 Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
network
low complexity
cisco CWE-200
5.0
5.0