Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-02-04 CVE-2014-0686 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
local
high complexity
cisco CWE-264
6.0
2014-01-29 CVE-2014-0682 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings Server
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.
network
cisco CWE-264
4.9
2014-01-29 CVE-2014-0681 Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
network
cisco CWE-79
4.3
2014-01-29 CVE-2014-0680 Cross-Site Scripting vulnerability in Cisco Identity Services Engine
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.
network
cisco CWE-79
4.3
2014-01-25 CVE-2014-0678 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
network
low complexity
cisco CWE-264
5.5
2014-01-25 CVE-2014-0673 Cross-Site Scripting vulnerability in Cisco Video Surveillance Indoor Fixed Dome IP HD Camera 5010/5011
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.
network
cisco CWE-79
4.3
2014-01-24 CVE-2014-0674 Improper Authentication vulnerability in Cisco Video Surveillance Operations Manager
Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.
network
cisco CWE-287
6.8
2014-01-23 CVE-2014-0675 Credentials Management vulnerability in Cisco TelePresence Video Communication Server
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
network
low complexity
cisco CWE-255
6.4
2014-01-22 CVE-2014-0677 Improper Input Validation vulnerability in Cisco NX-OS
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
network
low complexity
cisco CWE-20
5.0
2014-01-22 CVE-2014-0676 Permissions, Privileges, and Access Controls vulnerability in Cisco NX-OS
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
local
low complexity
cisco CWE-264
6.8