Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-03 | CVE-2015-0686 | Resource Management Errors vulnerability in Cisco Nx-Os 6.1(2)I2(3) The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. | 6.3 |
| 2015-03-28 | CVE-2015-0680 | Information Exposure vulnerability in Cisco Unified Callmanager 9.1(2.1000.28) Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. | 4.0 |
| 2015-03-28 | CVE-2015-0679 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 7.3(103.8)/7.4(110.0) The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | 6.1 |
| 2015-03-26 | CVE-2015-0673 | Information Exposure vulnerability in Cisco Mobility Services Engine 8.0(110.0) Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. | 4.0 |
| 2015-03-26 | CVE-2015-0672 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.2 The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | 5.0 |
| 2015-03-21 | CVE-2015-0670 | Improper Authentication vulnerability in Cisco products The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | 6.4 |
| 2015-03-21 | CVE-2015-0669 | Improper Input Validation vulnerability in Cisco IOS 15.4(3)S/15.4S The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. | 6.4 |
| 2015-03-20 | CVE-2015-0671 | Resource Management Errors vulnerability in Cisco Videoscape Delivery System for Internet Streamer 3.2.1 The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911. | 5.0 |
| 2015-03-20 | CVE-2015-0668 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5/2.5.99.2 Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. | 4.3 |
| 2015-03-18 | CVE-2015-0667 | Improper Access Control vulnerability in Cisco Content Services Switch 11500 Firmware 8.20.4.02 The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. | 5.0 |