Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-19 | CVE-2015-4194 | Information Exposure vulnerability in Cisco Webex Meeting Center The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. | 5.0 |
| 2015-06-19 | CVE-2015-4191 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.1 Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. | 5.0 |
| 2015-06-17 | CVE-2015-4190 | Man in the Middle Security Bypass vulnerability in Cisco Prime Service Catalog 9.4.1Vortex Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. network cisco | 4.3 |
| 2015-06-17 | CVE-2015-4188 | SQL Injection vulnerability in Cisco Prime Collaboration 10.5(1) SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | 5.0 |
| 2015-06-13 | CVE-2015-4185 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS 15.2(4)M6/15.2M The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. | 6.9 |
| 2015-06-13 | CVE-2015-4184 | Improper Input Validation vulnerability in Cisco Email Security Appliance 3.33109/7.5.1Gpl022/8.5.6074 The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. | 5.0 |
| 2015-06-12 | CVE-2015-4182 | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. | 5.5 |
| 2015-06-12 | CVE-2015-0776 | Resource Management Errors vulnerability in Cisco IOS XR 5.0.1 telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. | 5.0 |
| 2015-06-12 | CVE-2015-0775 | Resource Management Errors vulnerability in Cisco MDS 9000 Nx-Os, Nexus 1000V and Nx-Os The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182. | 5.0 |
| 2015-06-12 | CVE-2015-0768 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Network Control System 2.1(0.0.85)/2.2(0.0.58)/2.2(0.0.69) The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371. | 6.5 |