Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-19 | CVE-2012-4113 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | 4.6 |
| 2013-10-19 | CVE-2012-4112 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | 6.8 |
| 2013-10-16 | CVE-2013-5540 | Resource Management Errors vulnerability in Cisco products The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519. | 6.8 |
| 2013-10-16 | CVE-2013-5539 | Improper Input Validation vulnerability in Cisco products The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511. | 6.0 |
| 2013-10-16 | CVE-2013-5538 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | 5.0 |
| 2013-10-16 | CVE-2013-5535 | Credentials Management vulnerability in Cisco products The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | 6.4 |
| 2013-10-16 | CVE-2013-5529 | Improper Input Validation vulnerability in Cisco Webex Meetings Server The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. | 6.8 |
| 2013-10-14 | CVE-2012-4121 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | 6.8 |
| 2013-10-14 | CVE-2012-4099 | Improper Input Validation vulnerability in Cisco Nx-Os The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | 4.3 |
| 2013-10-14 | CVE-2012-4097 | Improper Input Validation vulnerability in Cisco Nx-Os The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. | 4.3 |