Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2014-07-10 | CVE-2014-3315 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 10.0(1)Base | 4.3
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
network, cisco CWE-79

2014-07-10 | CVE-2014-3311 | Buffer Errors vulnerability in Cisco Webex Meeting Center and Webex Meetings Server | 5.1
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
network, high complexity, cisco CWE-119

2014-07-10 | CVE-2014-3310 | Improper Input Validation vulnerability in Cisco Webex Meeting Center and Webex Meetings Server | 4.3
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.
network, cisco CWE-20

2014-07-09 | CVE-2014-3313 | Cross-Site Scripting vulnerability in Cisco products | 4.3
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
network, cisco CWE-79

2014-07-09 | CVE-2014-3312 | Improper Authentication vulnerability in Cisco products | 6.9
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
local, cisco CWE-287

2014-07-09 | CVE-2014-3309 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE | 5.0
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
network, low complexity, cisco CWE-264

2014-07-07 | CVE-2014-3308 | Improper Input Validation vulnerability in Cisco products | 6.4
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
network, low complexity, cisco CWE-20

2014-07-02 | CVE-2014-3307 | Remote Arbitrary Command Execution vulnerability in Cisco Small Cell DHCP Message Processing | 6.8
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.
high complexity, cisco

2014-07-02 | CVE-2014-3298 | Credentials Management vulnerability in Cisco Cloud Portal | 4.0
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.
network, low complexity, cisco CWE-255

2014-07-02 | CVE-2014-3297 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal | 4.0
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.
network, low complexity, cisco CWE-264