Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-09-16 | CVE-2012-3094 | Information Exposure vulnerability in Cisco AnyConnect Secure Mobility Client 3.1.0 | The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. | 5.0 |
2012-09-16 | CVE-2012-3052 | Unspecified vulnerability in Cisco VPN Client | Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. | 6.9 |
2012-09-16 | CVE-2012-3051 | Remote Denial of Service vulnerability in Cisco Nexus 7000 Series Switches NX-OS | Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. | 6.1 |
2012-08-06 | CVE-2012-1361 | Information Exposure vulnerability in Cisco IOS 15.1/15.2 | Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | 4.3 |
2012-08-06 | CVE-2012-1357 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Nexus 5000 and NX-OS | The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. | 5.0 |
2012-08-06 | CVE-2012-1348 | Information Exposure vulnerability in Cisco Wide Area Application Services 4.4/5.0/5.1 | Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | 5.0 |
2012-08-06 | CVE-2012-1346 | Resource Management Errors vulnerability in Cisco Emergency Responder 8.6/9.2 | Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. | 5.0 |
2012-08-06 | CVE-2012-2500 | Cryptographic Issues vulnerability in Cisco AnyConnect Secure Mobility Client 3.0/3.0.0629/3.0.07059 | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. | 4.0 |
2012-08-06 | CVE-2012-2499 | Cryptographic Issues vulnerability in Cisco AnyConnect Secure Mobility Client 3.0/3.0.0629/3.0.07059 | The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. | 5.8 |
2012-08-06 | CVE-2012-2498 | Improper Authentication vulnerability in Cisco AnyConnect Secure Mobility Client | Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | 4.0 |