Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2012-05-02 | CVE-2012-0338 | Improper Input Validation vulnerability in Cisco IOS | 5.0
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.
network, low complexity, cisco, CWE-20

2012-05-02 | CVE-2012-0337 | SQL Injection vulnerability in Cisco Unified MeetingPlace 7.1 | 6.5
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
network, low complexity, cisco, CWE-89

2012-05-02 | CVE-2012-0333 | Improper Authentication vulnerability in Cisco products | 5.0
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
network, low complexity, cisco, CWE-287

2012-05-02 | CVE-2011-4016 | Improper Input Validation vulnerability in Cisco IOS | 5.4
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
network, high complexity, cisco, CWE-20

2012-05-02 | CVE-2011-4015 | Improper Input Validation vulnerability in Cisco IOS 15.2S | 5.0
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
network, low complexity, cisco, CWE-20

2012-05-02 | CVE-2011-4014 | Information Exposure vulnerability in Cisco Wireless Control System Software | 4.0
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
network, low complexity, cisco, CWE-200

2012-05-02 | CVE-2011-4007 | Improper Input Validation vulnerability in Cisco IOS and IOS XE | 5.4
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
network, high complexity, cisco, CWE-20

2012-05-02 | CVE-2011-3317 | Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 5.2 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.
network, cisco, CWE-79

2012-05-02 | CVE-2011-3293 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server 5.2 | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
network, cisco, CWE-352

2012-05-02 | CVE-2011-3283 | Improper Input Validation vulnerability in Cisco Carrier Routing System 3.9.1 | 5.0
Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887.
network, low complexity, cisco, CWE-20