Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-03 | CVE-2013-6705 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | 6.1 |
2013-12-03 | CVE-2013-6690 | Cross-Site Scripting vulnerability in Cisco Prime Collaboration Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | 4.3 |
2013-12-02 | CVE-2013-6695 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. | 4.0 |
2013-11-29 | CVE-2013-6706 | Improper Input Validation vulnerability in Cisco IOS XE The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | 5.4 |
2013-11-29 | CVE-2013-6700 | Improper Input Validation vulnerability in Cisco IOS XR The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | 5.0 |
2013-11-27 | CVE-2013-3394 | Cross-Site Scripting vulnerability in Cisco Prime Network Registrar Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429. | 4.3 |
2013-11-22 | CVE-2013-6699 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Wireless LAN Controller The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. | 5.0 |
2013-11-22 | CVE-2013-6698 | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. | 4.3 |
2013-11-22 | CVE-2013-6694 | Improper Input Validation vulnerability in Cisco IOS The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. | 4.3 |
2013-11-22 | CVE-2013-6693 | Buffer Errors vulnerability in Cisco IOS The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. | 5.4 |