Vulnerabilities > Cisco > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2013-09-20 | CVE-2013-5501 | Cross-Site Scripting vulnerability in Cisco MediaSense | Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. | network; cisco CWE-79; 4.3 |
| 2013-09-20 | CVE-2013-5500 | Cross-Site Scripting vulnerability in Cisco MediaSense | Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. | network; cisco CWE-79; 4.3 |
| 2013-09-20 | CVE-2013-1130 | Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client | Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | local; low complexity; cisco apple CWE-264; 6.8 |
| 2013-09-20 | CVE-2012-4093 | Improper Input Validation vulnerability in Cisco Unified Computing System | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | local; low complexity; cisco CWE-20; 4.6 |
| 2013-09-20 | CVE-2012-4083 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System | Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. | network; low complexity; cisco CWE-119; 4.0 |
| 2013-09-20 | CVE-2012-4074 | Credentials Management vulnerability in Cisco Unified Computing System | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | network; cisco CWE-255; 5.8 |
| 2013-09-20 | CVE-2012-4073 | Cryptographic Issues vulnerability in Cisco Unified Computing System | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | network; cisco CWE-310; 5.8 |
| 2013-09-20 | CVE-2012-4072 | Improper Input Validation vulnerability in Cisco Unified Computing System | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | network; cisco CWE-20; 4.3 |
| 2013-09-19 | CVE-2013-5497 | Improper Authentication vulnerability in Cisco Intrusion Prevention System | The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | network; cisco CWE-287; 4.3 |
| 2013-09-19 | CVE-2013-1121 | Resource Management Errors vulnerability in Cisco NX-OS | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | network; high complexity; cisco CWE-399; 5.4 |