Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-08-20 | CVE-2015-4303 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | 6.5 |
| 2015-08-20 | CVE-2015-4328 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. | 4.0 |
| 2015-08-20 | CVE-2015-4320 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | 4.0 |
| 2015-08-20 | CVE-2015-4317 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | 5.0 |
| 2015-08-20 | CVE-2015-4315 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.3 The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. | 5.5 |
| 2015-08-20 | CVE-2015-4314 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. | 4.0 |
| 2015-08-19 | CVE-2015-4323 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco MDS 9000 Nx-Os and Nx-Os Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. | 6.1 |
| 2015-08-19 | CVE-2015-4310 | Cross-site Scripting vulnerability in Cisco Finesse 10.5(1)Base Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. | 4.3 |
| 2015-08-19 | CVE-2015-4296 | Resource Management Errors vulnerability in Cisco Nx-Os 6.0(2)A6(1) Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. | 5.0 |
| 2015-08-19 | CVE-2015-4277 | Resource Management Errors vulnerability in Cisco Nx-Os 5.1.3/5.3.0 The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. | 4.9 |