Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-08 CVE-2006-5808 Multiple vulnerability in Cisco Secure Desktop
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
local
low complexity
cisco
4.6
2006-11-08 CVE-2006-5807 Multiple vulnerability in Cisco Secure Desktop
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
local
low complexity
cisco
4.6
2006-09-26 CVE-2006-4982 Security Bypass vulnerability in Network Access Control
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
local
low complexity
cisco
4.6
2006-09-21 CVE-2006-4910 Denial Of Service vulnerability in Cisco IPS/IDS Web Administration Interface
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
network
low complexity
cisco
5.0
2006-08-29 CVE-2006-4430 Unspecified vulnerability in Cisco products
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack.
network
low complexity
cisco
5.0
2006-08-25 CVE-2006-4352 Information Disclosure vulnerability in Cisco Content Services Switch 11000 Series
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
network
low complexity
cisco
5.0
2006-08-23 CVE-2006-4313 Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
network
low complexity
cisco
5.0
2006-08-23 CVE-2006-4312 Firewall Appliances Authentication Bypass vulnerability in Cisco
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.
local
low complexity
cisco
6.8
2006-08-09 CVE-2006-4032 Information Disclosure vulnerability in Cisco Callmanager Express 3.0
Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
network
low complexity
cisco
5.0
2006-07-21 CVE-2006-3732 Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.
network
low complexity
cisco
5.0