Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-12-19 | CVE-2012-5991 | Unspecified vulnerability in Cisco products screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. network cisco | 6.3 |
2012-11-07 | CVE-2012-5424 | Improper Input Validation vulnerability in Cisco Secure Access Control Server Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | 5.0 |
2012-09-16 | CVE-2012-3919 | Resource Management Errors vulnerability in Cisco Application Control Engine Module 3.0 The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. | 5.0 |
2012-09-16 | CVE-2012-3915 | Buffer Errors vulnerability in Cisco IOS 15.2 The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. | 5.0 |
2012-09-16 | CVE-2012-3908 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. | 6.8 |
2012-09-16 | CVE-2012-3901 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. | 5.0 |
2012-09-16 | CVE-2012-3899 | Resource Management Errors vulnerability in Cisco products sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051. | 5.0 |
2012-09-16 | CVE-2012-3895 | Denial-Of-Service vulnerability in IOS Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. network cisco | 6.3 |
2012-09-16 | CVE-2012-3893 | Denial-Of-Service vulnerability in Cisco IOS 15.2/15.3 The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. network cisco | 6.3 |
2012-09-16 | CVE-2012-3096 | Denial-Of-Service vulnerability in Cisco Unity Connection 7.1/8.0/8.5 Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. | 4.0 |