Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2013-08-29 | CVE-2013-3471 | Credentials Management vulnerability in Cisco Identity Services Engine Software | 4.3
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
network, cisco, CWE-255

2013-08-13 | CVE-2013-3464 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR | 4.6
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.
local, low complexity, cisco, CWE-119

2013-08-12 | CVE-2013-3457 | Path Traversal vulnerability in Cisco Finesse | 5.0
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
network, low complexity, cisco, CWE-22

2013-08-12 | CVE-2013-3455 | Credentials Management vulnerability in Cisco Finesse | 5.0
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.
network, low complexity, cisco, CWE-255

2013-08-05 | CVE-2013-3451 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
network, cisco, CWE-352

2013-08-05 | CVE-2013-3450 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager | 6.8
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
network, cisco, CWE-352

2013-08-05 | CVE-2013-3442 | Information Exposure vulnerability in Cisco Unified Communications Manager | 4.0
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
network, low complexity, cisco, CWE-200

2013-08-05 | CVE-2013-0149 | Remote Security Bypass vulnerability in Cisco IOS and IOS XE | 5.8
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
network, cisco

2013-08-02 | CVE-2013-3448 | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings Server | 4.0
Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315.
network, low complexity, cisco, CWE-264

2013-08-02 | CVE-2013-1190 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System | 5.0
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850.
network, low complexity, cisco, CWE-264