Vulmon Recent Vulnerabilities Discussions Trends About Contact

cisco vulnerabilities and exploits

3.3
CVSSv2
CVE-2018-0249

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected...

CiscoAironet Access Point Software
5.5
CVSSv2
CVE-2018-0381

A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that...

CiscoAironet Series Access Points
7.5
CVSSv2
CVE-2018-0321

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open port in the Network Interface and Configuration Engine (NICE) service. An...

CiscoPrime CollaborationPrime Collaboration AssurancePrime Collaboration Provisioning
4.6
CVSSv2
CVE-2012-4131

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164....

CiscoNx-os
5
CVSSv2
CVE-2016-6364

The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855....

CiscoUnified Communications Manager
9.3
CVSSv2
CVE-2018-15439

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a...

CiscoSmall Business Switches
5
CVSSv2
CVE-2012-4658

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447....

CiscoIos
4.3
CVSSv2
CVE-2011-2545

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an...

CiscoSpa2102 Phone Adapter With RouterSpa3102 Voice Gateway With RouterSpa8000 8-port Ip Telephony GatewaySpa8800 Ip Telephony GatewaySpa 501g 8-line Ip PhoneSpa 502g 1-line Ip PhoneSpa 504g 4-line Ip PhoneSpa 508g 8-line Ip PhoneSpa 509g 12-line Ip PhoneSpa 512g 1-line Ip PhoneSpa 514g 4-line Ip PhoneSpa 525g2 5-line Ip PhoneSpa 525g 5-line Ip PhoneSpa2102 Phone Adapter With Router FirmwareSpa3102 Voice Gateway With Router FirmwareSpa8000 8-port Ip Telephony Gateway FirmwareSpa8800 8-port Ip Telephony Gateway FirmwareSpa 500 Series Ip Phone Firmware
4.3
CVSSv2
CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630,...

CiscoContent Security Management ApplianceWeb Security ApplianceEmail Security Appliance Firmware
6.5
CVSSv2
CVE-2014-3336

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016....

CiscoUnity Connection
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
crm technical foundationone-to-one fulfillmentCVE-2019-2677CVE-2019-3868CSRFCVE-2018-11976HTML injectionCVE-2019-9978local usersCVE-2019-11505mysql connector/jCVE-2019-2707mysql