Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-05-16 CVE-2014-3262 Improper Input Validation vulnerability in Cisco IOS XE
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.
network
cisco CWE-20
4.3
2014-05-07 CVE-2014-2191 Cross-Site Scripting vulnerability in Cisco Broadband Access Center Telco Wireless Software
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadband Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113.
network
cisco CWE-79
4.3
2014-05-07 CVE-2014-2190 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Broadband Access Center Telco Wireless Software
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadband Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.
network
cisco CWE-352
6.8
2014-05-07 CVE-2014-0685 Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2)
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.
network
low complexity
cisco CWE-264
5.0
2014-05-07 CVE-2014-0684 Improper Input Validation vulnerability in Cisco products
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
local
low complexity
cisco CWE-20
4.6
2014-05-02 CVE-2014-2172 Buffer Errors vulnerability in Cisco TelePresence TC Software and TelePresence TE Software
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.
local
cisco CWE-119
6.6
2014-04-30 CVE-2014-2186 Cross-Site Request Forgery (CSRF) vulnerability in Cisco WebEx Meetings Server
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.
network
cisco CWE-352
6.8
2014-04-29 CVE-2014-2185 Information Exposure vulnerability in Cisco Unified Communications Manager
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
network
low complexity
cisco CWE-200
4.0
2014-04-29 CVE-2014-2184 Improper Input Validation vulnerability in Cisco Unified Communications Manager
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
network
low complexity
cisco CWE-20
5.0
2014-04-29 CVE-2014-2183 Improper Input Validation vulnerability in Cisco products
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
network
cisco CWE-20
6.3