Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-14 | CVE-2012-4077 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | 6.8 |
| 2013-10-14 | CVE-2012-4076 | Improper Input Validation vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | 6.8 |
| 2013-10-13 | CVE-2013-5506 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firewall Services Module Software The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. | 6.6 |
| 2013-10-13 | CVE-2012-4108 | OS Command Injection vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | 6.8 |
| 2013-10-13 | CVE-2012-4107 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | 4.6 |
| 2013-10-13 | CVE-2012-4106 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | 6.8 |
| 2013-10-13 | CVE-2012-4105 | Improper Input Validation vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468. | 4.6 |
| 2013-10-11 | CVE-2013-5533 | Improper Input Validation vulnerability in Cisco products The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | 6.0 |
| 2013-10-11 | CVE-2013-5532 | Improper Input Validation vulnerability in Cisco products Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. | 5.0 |
| 2013-10-11 | CVE-2013-5528 | Path Traversal vulnerability in Cisco Unified Communications Manager Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | 4.0 |