Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-16 | CVE-2015-4276 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.5(1) Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | 6.5 |
| 2015-07-16 | CVE-2015-4275 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 18.0.0.59167/18.0.0.59211 The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. | 5.0 |
| 2015-07-16 | CVE-2015-4274 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.0(1)/10.6(1) Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | 6.8 |
| 2015-07-16 | CVE-2015-4266 | Improper Input Validation vulnerability in Cisco Identity Services Engine Software 1.1(4.1)/1.3(106.146)/1.3(120.135) The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. | 4.3 |
| 2015-07-15 | CVE-2015-4271 | Improper Access Control vulnerability in Cisco Telepresence TC Software Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | 6.4 |
| 2015-07-15 | CVE-2015-4267 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | 6.8 |
| 2015-07-15 | CVE-2015-4273 | Improper Input Validation vulnerability in Cisco ASR 5000 Series Software 15.0(912)/15.0(935)/15.0(938) The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. | 5.0 |
| 2015-07-14 | CVE-2015-4270 | Cross-site Scripting vulnerability in Cisco Firesight System Software 5.3.1.5/6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. | 4.3 |
| 2015-07-14 | CVE-2015-4268 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.2(1.198)/1.3(0.876) Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052. | 4.3 |
| 2015-07-14 | CVE-2015-4272 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5) Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | 4.3 |