Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-08-28 | CVE-2015-6266 | Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.2(0.899) | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | 5.0 |
2015-08-27 | CVE-2015-6265 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Control Engine 4700 | The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. | 4.3 |
2015-08-26 | CVE-2015-6261 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. | 4.0 |
2015-08-25 | CVE-2015-6262 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2.0.103/2.0 | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. | 6.8 |
2015-08-22 | CVE-2015-6258 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.1.104.37 | The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. | 5.0 |
2015-08-22 | CVE-2015-6256 | Improper Input Validation vulnerability in Cisco ASR 5000 Series Software 19.0.M0.60828 | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. | 5.0 |
2015-08-20 | CVE-2015-4318 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | 5.0 |
2015-08-20 | CVE-2015-4329 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | 6.5 |
2015-08-20 | CVE-2015-4319 | Credentials Management vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. | 5.5 |
2015-08-20 | CVE-2015-4316 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. | 5.5 |