Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-14 | CVE-2013-3375 | Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798. | 4.3 |
| 2013-06-12 | CVE-2013-3381 | Resource Management Errors vulnerability in Cisco Hosted Collaboration Solution Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756. | 5.0 |
| 2013-06-12 | CVE-2013-3380 | Information Exposure vulnerability in Cisco Secure Access Control Server Solution Engine The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | 4.0 |
| 2013-06-06 | CVE-2013-1205 | Improper Authentication vulnerability in Cisco Webex Meetings Server The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. | 4.3 |
| 2013-05-31 | CVE-2013-1247 | Cross-Site Scripting vulnerability in Cisco Prime Infrastructure Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. | 4.3 |
| 2013-05-31 | CVE-2013-1246 | Resource Management Errors vulnerability in Cisco Telepresence System Software Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610. | 6.8 |
| 2013-05-29 | CVE-2013-1213 | Resource Management Errors vulnerability in Cisco Nexus 1000V and Nx-Os Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. | 5.0 |
| 2013-05-29 | CVE-2013-1212 | Cryptographic Issues vulnerability in Cisco Nexus 1000V and Nx-Os The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | 5.8 |
| 2013-05-29 | CVE-2013-1211 | Improper Authentication vulnerability in Cisco Nx-Os Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | 5.0 |
| 2013-05-29 | CVE-2013-1210 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Nx-Os Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. | 5.4 |