Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-12-14 CVE-2015-6410 Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.
network, low complexity, cisco CWE-20, 4.0

2015-12-14 CVE-2015-6402 Cross-site Scripting vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
network, cisco CWE-79, 4.3

2015-12-14 CVE-2015-6378 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.2
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
network, cisco CWE-352, 6.8

2015-12-13 CVE-2015-6418 Information Exposure vulnerability in Cisco products
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
network, cisco CWE-200, 4.3

2015-12-13 CVE-2015-6413 Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.6
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.
network, low complexity, cisco CWE-264, 4.0

2015-12-13 CVE-2015-6407 Improper Input Validation vulnerability in Cisco Emergency Responder 10.5(3.10000.9)
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.
network, low complexity, cisco CWE-20, 4.0

2015-12-13 CVE-2015-6406 Path Traversal vulnerability in Cisco Emergency Responder 10.5(1.10000.5)
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
network, low complexity, cisco CWE-22, 4.0

2015-12-13 CVE-2015-6405 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1A)
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
network, cisco CWE-352, 6.8

2015-12-13 CVE-2015-6400 Cross-site Scripting vulnerability in Cisco Emergency Responder 10.5(1A)
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
network, cisco CWE-79, 4.3

2015-12-13 CVE-2015-6361 Improper Input Validation vulnerability in Cisco Dpc3939 Wireless Residential Voice Gateway Firmware 121109Acmcstbase
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
network, low complexity, cisco CWE-20, 6.5