| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-2779 | 20 |  | DoS | 2013-04-11 | 2013-04-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. |
| 2 | CVE-2013-1245 | 20 |  | Bypass | 2013-05-15 | 2013-05-16 | 4.0 | None | Remote | Low | Single system | None | Partial | None | The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. |
| 3 | CVE-2013-1244 | 79 |  | XSS | 2013-05-15 | 2013-05-16 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. |
| 4 | CVE-2013-1242 | 399 |  | DoS | 2013-05-10 | 2013-05-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. |
| 5 | CVE-2013-1241 | 287 |  | DoS | 2013-05-08 | 2013-05-08 | 6.3 | None | Remote | Medium | Single system | None | None | Complete | The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. |
| 6 | CVE-2013-1240 | 20 |  |  | 2013-05-03 | 2013-05-06 | 4.6 | None | Local | Low | Single system | Complete | None | None | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. |
| 7 | CVE-2013-1236 | 20 |  | DoS | 2013-05-15 | 2013-05-16 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763. |
| 8 | CVE-2013-1235 |  |  | DoS | 2013-05-03 | 2013-05-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. |
| 9 | CVE-2013-1234 | 119 |  | DoS Overflow | 2013-05-03 | 2013-05-03 | 4.0 | None | Remote | Low | Single system | None | None | Partial | The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. |
| 10 | CVE-2013-1232 | 20 |  |  | 2013-05-03 | 2013-05-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252. |
| 11 | CVE-2013-1231 | 20 |  |  | 2013-05-03 | 2013-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. |
| 12 | CVE-2013-1230 | 119 |  | DoS Overflow | 2013-05-01 | 2013-05-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. |
| 13 | CVE-2013-1229 | 20 |  | DoS | 2013-05-01 | 2013-05-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028. |
| 14 | CVE-2013-1227 | 79 |  | XSS | 2013-04-29 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902. |
| 15 | CVE-2013-1226 | 119 |  | DoS Overflow | 2013-04-29 | 2013-04-29 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. |
| 16 | CVE-2013-1225 | 264 |  |  | 2013-05-09 | 2013-05-09 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. |
| 17 | CVE-2013-1224 | 22 |  | Dir. Trav. | 2013-05-09 | 2013-05-09 | 7.1 | None | Remote | Medium | Not required | None | Complete | None | Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369. |
| 18 | CVE-2013-1223 | 20 |  |  | 2013-05-09 | 2013-05-09 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. |
| 19 | CVE-2013-1222 | 16 |  |  | 2013-05-09 | 2013-05-09 | 7.8 | None | Remote | Low | Not required | None | Complete | None | The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379. |
| 20 | CVE-2013-1221 | 16 |  | Exec Code | 2013-05-09 | 2013-05-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. |
| 21 | CVE-2013-1220 |  |  | DoS | 2013-05-09 | 2013-05-09 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148. |
| 22 | CVE-2013-1219 |  |  | DoS | 2013-04-29 | 2013-05-01 | 4.4 | None | Local | Medium | Single system | None | None | Complete | SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630. |
| 23 | CVE-2013-1217 | 119 |  | DoS Overflow | 2013-04-24 | 2013-04-24 | 6.8 | None | Remote | Low | Single system | None | None | Complete | The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. |
| 24 | CVE-2013-1216 | 200 |  | DoS +Info | 2013-04-29 | 2013-05-01 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. |
| 25 | CVE-2013-1215 | 264 |  | +Priv | 2013-04-25 | 2013-04-26 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete | The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. |
| 26 | CVE-2013-1214 | 264 |  |  | 2013-04-24 | 2013-04-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. |
| 27 | CVE-2013-1200 | 287 |  |  | 2013-05-15 | 2013-05-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. |
| 28 | CVE-2013-1199 | 362 |  | DoS | 2013-04-18 | 2013-04-19 | 4.9 | None | Remote | High | Single system | None | None | Complete | Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. |
| 29 | CVE-2013-1198 | 79 |  | XSS | 2013-04-29 | 2013-04-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430. |
| 30 | CVE-2013-1197 | 20 |  | DoS | 2013-04-16 | 2013-04-16 | 6.8 | None | Remote | Low | Single system | None | None | Complete | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. |
| 31 | CVE-2013-1196 | 20 |  |  | 2013-04-29 | 2013-04-30 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. |
| 32 | CVE-2013-1195 | 264 |  | Bypass | 2013-04-24 | 2013-04-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. |
| 33 | CVE-2013-1194 | 200 |  | +Info | 2013-04-18 | 2013-04-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. |
| 34 | CVE-2013-1193 |  |  | DoS | 2013-04-16 | 2013-04-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937. |
| 35 | CVE-2013-1192 | 20 |  | Exec Code | 2013-04-25 | 2013-05-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. |
| 36 | CVE-2013-1189 | 20 |  | DoS | 2013-04-11 | 2013-04-11 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete | Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313. |
| 37 | CVE-2013-1188 | 287 |  | DoS | 2013-05-15 | 2013-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. |
| 38 | CVE-2013-1187 | 20 |  | DoS | 2013-04-16 | 2013-04-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. |
| 39 | CVE-2013-1186 | 287 |  | Bypass | 2013-04-25 | 2013-05-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. |
| 40 | CVE-2013-1185 | 200 |  | +Info | 2013-04-25 | 2013-04-25 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. |
| 41 | CVE-2013-1184 | 20 |  | DoS | 2013-04-25 | 2013-04-25 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. |
| 42 | CVE-2013-1183 | 119 |  | Exec Code Overflow | 2013-04-25 | 2013-04-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371. |
| 43 | CVE-2013-1182 | 264 |  | Bypass | 2013-04-25 | 2013-04-25 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. |
| 44 | CVE-2013-1181 | 20 |  | DoS | 2013-04-25 | 2013-04-25 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389. |
| 45 | CVE-2013-1180 | 119 |  | Exec Code Overflow | 2013-04-25 | 2013-04-25 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. |
| 46 | CVE-2013-1179 | 119 |  | Exec Code Overflow | 2013-04-25 | 2013-04-29 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830. |
| 47 | CVE-2013-1178 | 119 |  | Exec Code Overflow | 2013-04-25 | 2013-04-25 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. |
| 48 | CVE-2013-1177 | 89 |  | Exec Code Sql | 2013-04-18 | 2013-04-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. |
| 49 | CVE-2013-1176 | 20 |  | DoS | 2013-04-18 | 2013-04-19 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. |
| 50 | CVE-2013-1175 | 399 |  | DoS | 2013-05-15 | 2013-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The SSL logging daemon in the Application Control Engine module in Cisco ACE allows remote attackers to cause a denial of service (disk consumption) via a large number of SSL connections that trigger log entries, aka Bug ID CSCug78957. |