Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-03-06 | CVE-2015-0607 | Improper Authentication vulnerability in Cisco IOS | The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | 4.3 |
2015-03-06 | CVE-2015-0598 | Data Processing Errors vulnerability in Cisco IOS and IOS XE | The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | 6.8 |
2015-03-06 | CVE-2014-2130 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | 6.5 |
2015-03-04 | CVE-2015-0656 | Cross-site Scripting vulnerability in Cisco Network Analysis Module Firmware 6.0(2) | Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | 4.3 |
2015-02-28 | CVE-2015-0655 | Cross-site Scripting vulnerability in Cisco Unified Web and E-Mail Interaction Manager | Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | 4.3 |
2015-02-27 | CVE-2015-0651 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Application Networking Manager | Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | 6.8 |
2015-02-27 | CVE-2015-0632 | Race Condition vulnerability in Cisco IOS and IOS XE | Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | 5.7 |
2015-02-27 | CVE-2015-0594 | Cross-site Scripting vulnerability in Cisco Prime LAN Management Solution and Security Manager | Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. | 4.3 |
2015-02-26 | CVE-2015-0633 | Improper Input Validation vulnerability in Cisco Unified Computing System | The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. | 6.8 |
2015-02-21 | CVE-2015-0624 | Improper Input Validation vulnerability in Cisco products | The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. | 4.3 |