Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-01-08 CVE-2013-6982 Improper Input Validation vulnerability in Cisco NX-OS
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174.
network
cisco CWE-20
4.3
2013-12-31 CVE-2013-6983 SQL Injection vulnerability in Cisco Unified Presence Server
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
network
low complexity
cisco CWE-89
6.5
2013-12-28 CVE-2013-6981 Improper Input Validation vulnerability in Cisco IOS XE
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
network
high complexity
cisco CWE-20
5.4
2013-12-23 CVE-2013-6979 Improper Authentication vulnerability in Cisco IOS XE
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
network
high complexity
cisco CWE-287
5.4
2013-12-21 CVE-2013-6978 Information Exposure vulnerability in Cisco Unified Communications Manager
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
network
low complexity
cisco CWE-200
4.0
2013-12-21 CVE-2012-4135 Path Traversal vulnerability in Cisco NX-OS
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
local
low complexity
cisco CWE-22
4.6
2013-12-21 CVE-2012-4131 Path Traversal vulnerability in Cisco NX-OS
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
local
low complexity
cisco CWE-22
4.6
2013-12-19 CVE-2013-6976 Cross-Site Request Forgery (CSRF) vulnerability in Cisco EPC3925
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
network
cisco CWE-352
6.8
2013-12-18 CVE-2013-6701 Improper Input Validation vulnerability in Cisco products
The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155.
network
low complexity
cisco CWE-20
5.0
2013-12-17 CVE-2013-6966 Improper Input Validation vulnerability in Cisco WebEx Training Center
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
network
cisco CWE-20
5.8