Vulnerabilities > Cisco > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-19 | CVE-2015-6368 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160). Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | network, low complexity, cisco CWE-200, 5.0 |
| 2015-11-18 | CVE-2015-6373 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160). Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. | network, cisco CWE-352, 6.8 |
| 2015-11-18 | CVE-2015-6372 | Cross-site Scripting vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160). Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614. | network, cisco CWE-79, 4.3 |
| 2015-11-18 | CVE-2015-6357 | Improper Input Validation vulnerability in Cisco Firesight System Software. The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444. | network, cisco CWE-20, 6.8 |
| 2015-11-18 | CVE-2015-6330 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0. Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. | network, cisco CWE-352, 6.8 |
| 2015-11-14 | CVE-2015-6365 | Improper Input Validation vulnerability in Cisco IOS 15.2(4)M/15.4(3)M. Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | network, low complexity, cisco CWE-20, 4.0 |
| 2015-11-14 | CVE-2015-6364 | Information Exposure vulnerability in Cisco Videoscape Distribution Suite Service Manager 3.0.0/3.1.0/3.2.0. Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | network, low complexity, cisco CWE-200, 5.0 |
| 2015-11-13 | CVE-2015-6366 | Improper Access Control vulnerability in Cisco IOS 15.2(4)M6/15.4(3)S. Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | network, low complexity, cisco CWE-284, 5.0 |
| 2015-11-10 | CVE-2015-6362 | Permissions, Privileges, and Access Controls vulnerability in Cisco Connected Grid Network Management System 3.0(0.35)/3.0(0.54). The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | network, low complexity, cisco CWE-264, 4.0 |
| 2015-11-06 | CVE-2015-6316 | Credentials Management vulnerability in Cisco Mobility Services Engine. The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | network, low complexity, cisco CWE-255, 6.5 |