Vulnerabilities > Cisco > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2013-05-29 | CVE-2013-1209 | Improper Authentication vulnerability in Cisco NX-OS. The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. [network; low complexity; cisco; CWE-287] | 5.0 |
| 2013-05-29 | CVE-2013-1208 | Cryptographic Issues vulnerability in Cisco NX-OS. The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. [network; cisco; CWE-310] | 5.8 |
| 2013-05-27 | CVE-2012-6399 | Improper Input Validation vulnerability in Cisco Webex 4.1. Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176. [network; cisco; CWE-20] | 5.8 |
| 2013-05-23 | CVE-2013-1204 | Resource Management Errors vulnerability in Cisco IOS XR. Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. [network; low complexity; cisco; CWE-399] | 5.0 |
| 2013-05-16 | CVE-2013-1245 | Improper Input Validation vulnerability in Cisco Webex Social. The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. [network; low complexity; cisco; CWE-20] | 4.0 |
| 2013-05-16 | CVE-2013-1200 | Improper Authentication vulnerability in Cisco Secure Access Control System. Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. [network; cisco; CWE-287] | 6.8 |
| 2013-05-16 | CVE-2013-1188 | Improper Authentication vulnerability in Cisco Unified Communications Manager. Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. [network; low complexity; cisco; CWE-287] | 5.0 |
| 2013-05-13 | CVE-2013-1136 | Resource Management Errors vulnerability in Cisco IOS. The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. [local; low complexity; cisco; CWE-399] | 4.6 |
| 2013-05-10 | CVE-2013-1242 | Resource Management Errors vulnerability in Cisco Unified Presence Server. Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. [network; low complexity; cisco; CWE-399] | 5.0 |
| 2013-05-08 | CVE-2013-1241 | Improper Authentication vulnerability in Cisco products. The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. [network; cisco; CWE-287] | 6.3 |