Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-10-30 CVE-2015-6346 Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
cisco CWE-79
4.3
4.3
2015-10-30 CVE-2015-6345 SQL Injection vulnerability in Cisco Secure Access Control Server 5.7.0.15
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
network
low complexity
cisco CWE-89
6.5
6.5
2015-10-30 CVE-2015-6344 Information Exposure vulnerability in Cisco ASA CX Context-Aware Security Software 9.3.4.1.11
The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.
network
low complexity
cisco CWE-200
4.0
4.0
2015-10-27 CVE-2015-6340 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software 19.0.M0.60737
The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280.
network
low complexity
cisco CWE-119
5.0
5.0
2015-10-25 CVE-2015-6341 Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software 7.4.140.0/8.0.120.0
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.
network
low complexity
cisco CWE-264
5.0
5.0
2015-10-16 CVE-2015-6334 Improper Input Validation vulnerability in Cisco ASR 5000 Software 18.0.0.57828/19.0.M0.61045
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984.
network
low complexity
cisco CWE-20
5.0
5.0
2015-10-16 CVE-2015-6333 Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.1(1J)
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
local
low complexity
cisco CWE-264
4.6
4.6
2015-10-13 CVE-2015-6332 Resource Management Errors vulnerability in Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830.
network
low complexity
cisco CWE-399
5.0
5.0
2015-10-13 CVE-2015-6328 Information Exposure vulnerability in Cisco Prime Collaboration Assurance 10.5.1
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.
network
low complexity
cisco CWE-200
6.8
6.8
2015-10-12 CVE-2015-6331 SQL Injection vulnerability in Cisco Prime Collaboration Assurance 10.5.1
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.
network
low complexity
cisco CWE-89
6.5
6.5