Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK

2014-04-29 CVE-2014-2180 Improper Input Validation vulnerability in Cisco products
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
network | low complexity | cisco CWE-20 | 4.0

2014-04-24 CVE-2012-5723 Improper Input Validation vulnerability in Cisco products
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.
low complexity | cisco CWE-20 | 6.1

2014-04-24 CVE-2012-3946 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.
network | low complexity | cisco CWE-264 | 5.0

2014-04-23 CVE-2012-5427 Improper Input Validation vulnerability in Cisco IOS
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
network | low complexity | cisco CWE-20 | 4.0

2014-04-23 CVE-2012-5422 Denial-Of-Service vulnerability in Cisco IOS
Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009.
network | low complexity | cisco | 6.8

2014-04-23 CVE-2012-5044 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS
Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.
network | high complexity | cisco CWE-119 | 5.4

2014-04-23 CVE-2012-5039 Resource Management Errors vulnerability in Cisco IOS
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
network | cisco CWE-399 | 4.3

2014-04-23 CVE-2012-5037 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.
local | low complexity | cisco CWE-264 | 4.6

2014-04-23 CVE-2012-5036 Resource Management Errors vulnerability in Cisco IOS
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
network | low complexity | cisco CWE-399 | 6.8

2014-04-23 CVE-2012-5032 Improper Authentication vulnerability in Cisco IOS
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.
network | low complexity | cisco CWE-287 | 6.4