Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-09-14 CVE-2015-6286 Resource Management Errors vulnerability in Cisco Application Visibility and Control 15.3(3)JA
Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.
5.7
2015-09-14 CVE-2015-6285 Use of Externally-Controlled Format String vulnerability in Cisco Email Security Appliance 7.6.0/8.0.0
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
network
low complexity
cisco CWE-134
6.4
2015-09-05 CVE-2015-6276 Information Exposure vulnerability in Cisco Telepresence System Software IX 8.0.3
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.
network
low complexity
cisco CWE-200
5.0
2015-09-02 CVE-2015-6277 Resource Management Errors vulnerability in Cisco products
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.
low complexity
cisco CWE-399
6.1
2015-09-02 CVE-2015-6274 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 1000 Series Software 15.5(3)S
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.
network
low complexity
cisco CWE-119
5.0
2015-09-02 CVE-2015-4330 OS Command Injection vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
local
cisco CWE-78
6.9
2015-08-28 CVE-2015-6266 Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.2(0.899)
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
network
low complexity
cisco CWE-287
5.0
2015-08-27 CVE-2015-6265 Permissions, Privileges, and Access Controls vulnerability in Cisco Application Control Engine 4700
The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.
network
cisco CWE-264
4.3
2015-08-26 CVE-2015-6261 Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
network
low complexity
cisco CWE-200
4.0
2015-08-25 CVE-2015-6262 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2.0.103/2.0
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
network
cisco CWE-352
6.8