Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-02-20 | CVE-2015-0628 | Information Exposure vulnerability in Cisco Web Security Appliance | The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | 5.0 |
2015-02-19 | CVE-2015-0626 | Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution | The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. | 4.3 |
2015-02-19 | CVE-2015-0623 | Cross-site Scripting vulnerability in Cisco Web Security Appliance | Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. | 4.3 |
2015-02-18 | CVE-2015-0620 | Improper Input Validation vulnerability in Cisco TelePresence Management Suite | The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. | 4.0 |
2015-02-18 | CVE-2015-0617 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. | 5.0 |
2015-02-17 | CVE-2014-8023 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software | Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | 4.0 |
2015-02-12 | CVE-2015-0611 | Permissions, Privileges, and Access Controls vulnerability in Cisco TelePresence System Software IX 8.0.0/8.0.1 | The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. | 6.5 |
2015-02-12 | CVE-2015-0610 | Race Condition vulnerability in Cisco IOS | Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. | 4.3 |
2015-02-12 | CVE-2015-0606 | Improper Input Validation vulnerability in Cisco IOS | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | 4.9 |
2015-02-12 | CVE-2015-0580 | SQL Injection vulnerability in Cisco Secure Access Control System | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | 6.5 |