Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-07-18 | CVE-2013-3426 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. | 5.0 |
| 2013-07-18 | CVE-2013-3420 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506. | 6.8 |
| 2013-07-18 | CVE-2013-3434 | Local Privilege Escalation vulnerability in Cisco Unified Communications Manager Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. | 6.8 |
| 2013-07-18 | CVE-2013-3433 | Local Privilege Escalation vulnerability in Cisco Unified Communications Manager Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | 6.8 |
| 2013-07-18 | CVE-2013-3412 | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | 6.5 |
| 2013-07-18 | CVE-2013-3403 | Unspecified vulnerability in Cisco Unified Communications Manager Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | 6.8 |
| 2013-07-18 | CVE-2013-3402 | Code Injection vulnerability in Cisco Unified Communications Manager An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | 6.5 |
| 2013-07-15 | CVE-2013-3428 | Information Exposure vulnerability in Cisco Secure Access Control System The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | 4.0 |
| 2013-07-12 | CVE-2013-3424 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control System Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. | 6.8 |
| 2013-07-12 | CVE-2013-3423 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. | 4.3 |