Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-11-08 | CVE-2006-5808 | Multiple vulnerability in Cisco Secure Desktop | The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | 4.6 |
2006-11-08 | CVE-2006-5807 | Multiple vulnerability in Cisco Secure Desktop | Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | 4.6 |
2006-09-26 | CVE-2006-4982 | Security Bypass vulnerability in Network Access Control | Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. | 4.6 |
2006-09-21 | CVE-2006-4910 | Denial Of Service vulnerability in Cisco IPS/IDS Web Administration Interface | The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. | 5.0 |
2006-08-29 | CVE-2006-4430 | Unspecified vulnerability in Cisco products | The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. | 5.0 |
2006-08-25 | CVE-2006-4352 | Information Disclosure vulnerability in Cisco Content Services Switch 11000 Series | The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | 5.0 |
2006-08-23 | CVE-2006-4313 | Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software | Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. | 5.0 |
2006-08-23 | CVE-2006-4312 | Firewall Appliances Authentication Bypass vulnerability in Cisco | Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. | 6.8 |
2006-08-09 | CVE-2006-4032 | Information Disclosure vulnerability in Cisco Callmanager Express 3.0 | Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | 5.0 |
2006-07-21 | CVE-2006-3732 | Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | 5.0 |