Cisco : Security vulnerabilities - CVE Details [PDF]


Cisco : Security Vulnerabilities (CVSS score between 5 and 5.99)

Total number of vulnerabilities : 732 Page : 1 2 3 4 (This Page) 5 6 7 8 9 10 11 12 13 14 15

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

151 CVE-2016-6462 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-11-18 | Update Date: 2017-07-27 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0203 9.7.2-131.

152 CVE-2016-6460 | CWE ID: 254 | Vulnerability Type(s): Bypass | Publish Date: 2016-11-18 | Update Date: 2016-12-06 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.

153 CVE-2016-6458 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-11-18 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066.

154 CVE-2016-6455 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-11-03 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. This vulnerability affects Cisco ASR 5500 devices with Data Processing Card 2 (DPC2) running StarOS 18.0 or later. More Information: CSCvb12081. Known Affected Releases: 18.7.4 19.5.0 20.0.2.64048 20.2.3 21.0.0. Known Fixed Releases: 18.7.4 18.7.4.65030 18.8.M0.65044 19.5.0 19.5.0.65092 19.5.M0.65023 19.5.M0.65050 20.2.3 20.2.3.64982 20.2.3.65017 20.2.a4.65307 20.3.M0.64984 20.3.M0.65029 20.3.M0.65037 20.3.M0.65071 20.3.T0.64985 20.3.T0.65031 20.3.T0.65043 20.3.T0.65067 21.0.0 21.0.0.65256 21.0.M0.64922 21.0.M0.64983 21.0.M0.65140 21.0.V0.65150 21.1.A0.64932 21.1.A0.64987 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.65203 21.2.A0.65147.

155 CVE-2016-6446 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-10-27 | Update Date: 2016-11-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

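A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

156 CVE-2016-6421 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-10-05 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

157 CVE-2016-6415 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-09-18 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None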

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

158 CVE-2016-6411 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-09-23 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.

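159 CVE-2016-6407 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-09-16 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial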

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

160 CVE-2016-6401 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-09-16 | Update Date: 2017-07-29 | Score: 5.7 | Gained Access Level: None | Access: Local Network | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Complete

Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.

161 CVE-2016-6398 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-09-12 | Update Date: 2016-11-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

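The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

162 CVE-2016-6396 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-09-12 | Update Date: 2016-11-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None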

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

163 CVE-2016-6394 | CWE ID: 264 | Publish Date: 2016-09-12 | Update Date: 2016-11-28 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: None

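Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

164 CVE-2016-6375 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-09-11 | Update Date: 2016-11-28 | Score: 5.7 | Gained Access Level: None | Access: Local Network | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Complete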

Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sending crafted Inter-Access Point Protocol (IAPP) packets and then sending a traffic stream metrics (TSM) information request over SNMP, aka Bug ID CSCuz40221.

165 CVE-2016-6372 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-10-28 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0125 9.1.1-038 9.7.2-047.

166 CVE-2016-6371 | CWE ID: 22 | Vulnerability Type(s): Dir. Trav. | Publish Date: 2016-09-12 | Update Date: 2016-12-12 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

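Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

167 CVE-2016-6368 | CWE ID: 399 | Vulnerability Type(s): DoS Bypass | Publish Date: 2017-04-20 | Update Date: 2017-05-05 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial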

A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability affects Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances; Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances; Firepower 4100 Series Security Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Series Security Appliances; FirePOWER Threat Defense for Integrated Services Routers (ISRs); Industrial Security Appliance 3000; Sourcefire 3D System Appliances; Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Fixed versions: 5.4.0.10 5.4.1.9 6.0.1.3 6.1.0 6.2.0. Cisco Bug IDs: CSCuz00876.

168 CVE-2016-6364 | CWE ID: 200 | Vulnerability Type(s): Bypass +Info | Publish Date: 2016-08-22 | Update Date: 2016-12-12 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

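The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

169 CVE-2016-6360 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-10-28 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial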

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233.

170 CVE-2016-6358 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-10-28 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038.

171 CVE-2016-6357 | CWE ID: 388 | Vulnerability Type(s): Bypass | Publish Date: 2016-10-28 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026.

172 CVE-2016-2183 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-08-31 | Update Date: 2018-02-21 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

173 CVE-2016-1484 | CWE ID: 20 | Vulnerability Type(s): Bypass +Info | Publish Date: 2016-08-22 | Update Date: 2017-08-15 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

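Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.

174 CVE-2016-1480 | CWE ID: 388 | Vulnerability Type(s): Bypass | Publish Date: 2016-10-28 | Update Date: 2017-07-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None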

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066.

175 CVE-2016-1472 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-09-01 | Update Date: 2017-08-12 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

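The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.

176 CVE-2016-1463 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-07-27 | Update Date: 2017-08-31 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None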

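Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.

177 CVE-2016-1455 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-10-05 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None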

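Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

178 CVE-2016-1444 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-07-07 | Update Date: 2017-08-31 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: None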

The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.

179 CVE-2016-1440 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-07-02 | Update Date: 2017-08-31 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.

180 CVE-2016-1438 | CWE ID: 20 | Vulnerability Type(s): Bypass | Publish Date: 2016-06-22 | Update Date: 2016-11-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

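Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.

181 CVE-2016-1436 | CWE ID: 119 | Vulnerability Type(s): DoS Overflow | Publish Date: 2016-06-22 | Update Date: 2016-11-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial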

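The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.

182 CVE-2016-1433 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-09-18 | Update Date: 2017-07-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.

183 CVE-2016-1427 | CWE ID: 287 | Vulnerability Type(s): +Info | Publish Date: 2016-06-17 | Update Date: 2016-11-29 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None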

The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.

184 CVE-2016-1421 | CWE ID: 119 | Vulnerability Type(s): DoS Overflow | Publish Date: 2016-06-09 | Update Date: 2016-06-10 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

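The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.

185 CVE-2016-1410 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-05-27 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None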

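Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

186 CVE-2016-1409 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-05-29 | Update Date: 2017-08-15 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial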

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.

187 CVE-2016-1407 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-05-24 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

188 CVE-2016-1405 | CWE ID: 119 | Vulnerability Type(s): DoS Overflow | Publish Date: 2016-06-08 | Update Date: 2016-11-28 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

189 CVE-2016-1404 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-05-29 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

190 CVE-2016-1402 | CWE ID: 119 | Vulnerability Type(s): DoS Overflow | Publish Date: 2016-05-20 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.

191 CVE-2016-1400 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-05-24 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

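Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

192 CVE-2016-1399 | CWE ID: 399 | Vulnerability Type(s): DoS | Publish Date: 2016-05-13 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial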

The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.

193 CVE-2016-1392 | Publish Date: 2016-05-05 | Update Date: 2016-11-30 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: None

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

194 CVE-2016-1386 | CWE ID: 264 | Publish Date: 2016-04-28 | Update Date: 2016-12-02 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

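The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.

195 CVE-2016-1384 | CWE ID: 264 | Publish Date: 2016-04-20 | Update Date: 2016-12-02 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

196 CVE-2016-1378 | CWE ID: 200 | Vulnerability Type(s): +Info | Publish Date: 2016-04-13 | Update Date: 2016-12-02 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None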

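Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

197 CVE-2016-1376 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-04-12 | Update Date: 2016-12-02 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial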

Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.

198 CVE-2016-1373 | Publish Date: 2016-05-05 | Update Date: 2016-11-30 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

199 CVE-2016-1370 | CWE ID: 20 | Vulnerability Type(s): DoS | Publish Date: 2016-06-02 | Update Date: 2017-09-02 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial

Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.

200 CVE-2016-1358 | CWE ID: 119 | Vulnerability Type(s): DoS Overflow | Publish Date: 2016-03-03 | Update Date: 2016-12-02 | Score: 5.5 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Single system | Conf.: Partial | Integ.: None | Avail.: Partial

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.