Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-09-28 | CVE-2015-6307 | Resource Management Errors vulnerability in Cisco Firepower 5.4.0.1 | Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871. | 6.1 |
2015-09-26 | CVE-2015-6302 | Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software 7.0.250.0/7.0.252.0 | The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | 5.0 |
2015-09-24 | CVE-2015-6304 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Telepresence Server Software 3.0(2.24) | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. | 6.8 |
2015-09-24 | CVE-2015-6303 | Information Exposure vulnerability in Cisco Spark 20150704Base | The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844. | 4.3 |
2015-09-20 | CVE-2015-6301 | Resource Management Errors vulnerability in Cisco products | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | 5.0 |
2015-09-20 | CVE-2015-6300 | Improper Input Validation vulnerability in Cisco Secure Access Control Server 5.7.0.15 | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | 4.0 |
2015-09-20 | CVE-2015-6299 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | 6.5 |
2015-09-20 | CVE-2015-6295 | Resource Management Errors vulnerability in Cisco Nx-Os 6.1(2)I3(4)/7.0(3)I1(1) | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | 4.8 |
2015-09-20 | CVE-2015-4305 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | 4.0 |
2015-09-18 | CVE-2015-6297 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.0Base | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | 5.0 |