Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK

2014-03-14 CVE-2014-0694 Credentials Management vulnerability in Cisco Cloud Portal
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.
network | low complexity | cisco CWE-255 | 5.0

2014-03-02 CVE-2014-2104 Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 9.0(.1)
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
network | cisco CWE-79 | 4.3

2014-02-27 CVE-2014-2103 Improper Input Validation vulnerability in Cisco Intrusion Prevention System
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.
network | low complexity | cisco CWE-20 | 6.8

2014-02-27 CVE-2014-2102 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Contact Center Express Editor Software
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
network | low complexity | cisco CWE-264 | 4.0

2014-02-27 CVE-2014-0747 Improper Input Validation vulnerability in Cisco Unified Communications Manager
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
local | low complexity | cisco CWE-20 | 6.8

2014-02-27 CVE-2014-0746 Information Exposure vulnerability in Cisco Unified Contact Center Express Editor Software
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.
network | low complexity | cisco CWE-200 | 4.0

2014-02-27 CVE-2014-0745 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Contact Center Express Editor Software
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
network | cisco CWE-352 | 6.8

2014-02-27 CVE-2014-0743 Improper Authentication vulnerability in Cisco Unified Communications Manager
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
network | low complexity | cisco CWE-287 | 5.0

2014-02-27 CVE-2014-0742 Improper Input Validation vulnerability in Cisco Unified Communications Manager
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.
local | low complexity | cisco CWE-20 | 6.2

2014-02-27 CVE-2014-0741 Cryptographic Issues vulnerability in Cisco Unified Communications Manager
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
local | low complexity | cisco CWE-310 | 6.2