Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-02 | CVE-2012-4102 | Improper Input Validation vulnerability in Cisco Unified Computing System The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. | 6.8 |
| 2013-10-02 | CVE-2012-4095 | Improper Input Validation vulnerability in Cisco Unified Computing System The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521. | 5.5 |
| 2013-10-01 | CVE-2013-5516 | Resource Management Errors vulnerability in Cisco Telepresence Multipoint Switch The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796. | 6.3 |
| 2013-10-01 | CVE-2012-4096 | Improper Input Validation vulnerability in Cisco Unified Computing System The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. | 6.2 |
| 2013-09-30 | CVE-2013-5505 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275. | 4.3 |
| 2013-09-30 | CVE-2013-5504 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266. | 4.3 |
| 2013-09-30 | CVE-2013-3417 | Improper Authentication vulnerability in Cisco Video Surveillance Operations Manager The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. | 5.0 |
| 2013-09-27 | CVE-2013-5498 | Improper Input Validation vulnerability in Cisco IOS XR The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | 5.0 |
| 2013-09-27 | CVE-2012-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | 6.5 |
| 2013-09-26 | CVE-2012-4092 | Improper Input Validation vulnerability in Cisco Unified Computing System The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | 5.8 |