DATE CVE VULNERABILITY TITLE RISK
2015-06-13 CVE-2015-4185 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS 15.2(4)M6/15.2M
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.
local
cisco CWE-264
6.9
2015-06-13 CVE-2015-4184 Improper Input Validation vulnerability in Cisco Email Security Appliance 3.33109/7.5.1Gpl022/8.5.6074
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
network
low complexity
cisco CWE-20
5.0
2015-06-12 CVE-2015-4182 Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
network
low complexity
cisco CWE-264
5.5
2015-06-12 CVE-2015-0776 Resource Management Errors vulnerability in Cisco IOS XR 5.0.1
telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.
network
low complexity
cisco CWE-399
5.0
2015-06-12 CVE-2015-0775 Resource Management Errors vulnerability in Cisco MDS 9000 Nx-Os, Nexus 1000V and Nx-Os
The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182.
network
low complexity
cisco CWE-399
5.0
2015-06-12 CVE-2015-0768 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Network Control System 2.1(0.0.85)/2.2(0.0.58)/2.2(0.0.69)
The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.
network
low complexity
cisco CWE-264
6.5
2015-06-12 CVE-2015-0774 Cross-site Scripting vulnerability in Cisco Application and Content Networking System Software 5.5(9)
Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.
network
cisco CWE-79
4.3
2015-06-12 CVE-2015-0773 Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software 5.3.1.1/6.0.0
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
network
low complexity
cisco CWE-264
5.5
2015-06-12 CVE-2015-0771 Resource Management Errors vulnerability in Cisco IOS 12.2(33)Sxj8/12.2Sxj
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.
network
cisco CWE-399
6.3
2015-06-12 CVE-2015-0737 Cross-site Scripting vulnerability in Cisco Firesight System Software 5.3.1.1
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
network
cisco CWE-79
4.3