Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-14 | CVE-2016-9193 | Improper Input Validation vulnerability in Cisco products A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. | 7.5 |
| 2016-12-14 | CVE-2016-9192 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. | 7.8 |
| 2016-12-14 | CVE-2016-6474 | Improper Authentication vulnerability in Cisco IOS 15.5(2.25)T A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. | 7.3 |
| 2016-12-14 | CVE-2016-6470 | Permissions, Privileges, and Access Controls vulnerability in Cisco Hybrid Media Service 1.0Base A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. | 7.8 |
| 2016-12-14 | CVE-2016-6469 | Resource Management Errors vulnerability in Cisco web Security Appliance 9.0.1162/9.1.1074 A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. | 7.5 |
| 2016-12-14 | CVE-2016-6468 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 11.5(1.10000.4) A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2016-12-14 | CVE-2016-6467 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 20.0.0/21.0.0/21.0.M0.64702 A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. | 7.5 |
| 2016-12-14 | CVE-2016-6464 | Information Exposure vulnerability in Cisco Unified Communications Manager IM and Presence Service A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. | 7.5 |
| 2016-12-14 | CVE-2016-6449 | Permissions, Privileges, and Access Controls vulnerability in Cisco Fireamp Connector Endpoint Software 4.4.0/4.4.2.10200 A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. | 7.8 |
| 2016-12-13 | CVE-2016-2334 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | 7.8 |