Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-06-08 CVE-2014-3286 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings Server
The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.
network
low complexity
cisco CWE-264
5.0
2014-06-08 CVE-2014-3281 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.
network
low complexity
cisco CWE-264
5.0
2014-06-08 CVE-2014-3278 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.
network
low complexity
cisco CWE-264
5.0
2014-06-03 CVE-2014-3280 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.
network
low complexity
cisco CWE-264
4.0
2014-05-29 CVE-2014-3285 Improper Input Validation vulnerability in Cisco Wide Area Application Services
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
network
low complexity
cisco CWE-20
5.0
2014-05-29 CVE-2014-3283 Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.
network
cisco CWE-20
5.8
2014-05-29 CVE-2014-3282 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.
network
low complexity
cisco CWE-264
4.0
2014-05-29 CVE-2014-3279 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.
network
low complexity
cisco CWE-264
5.0
2014-05-29 CVE-2014-3277 Improper Authentication vulnerability in Cisco Unified Communications Domain Manager
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
network
low complexity
cisco CWE-287
4.0
2014-05-26 CVE-2014-3276 Resource Management Errors vulnerability in Cisco Identity Services Engine Software
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
network
low complexity
cisco CWE-399
4.0