9 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0EPSS: 3%CPEs: 12EXPL: 0

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. • http://www.securityfocus.com/bid/101865 http://www.securitytracker.com/id/1039813 http://www.securitytracker.com/id/1039814 http://www.securitytracker.com/id/1039815 http://www.securitytracker.com/id/1039816 http://www.securitytracker.com/id/1039817 http://www.securitytracker.com/id/1039818 http://www.securitytracker.com/id/1039819 http://www.securitytracker.com/id/1039820 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. Vulnerabilidad de CSRF en Cisco MediaSense 10.5(1) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuu16728. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38869 http://www.securitytracker.com/id/1032336 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. Vulnerabilidad de XSS en la interfaz Search and Play de Cisco Media Sense permite a atacantes remotos inyectar script Web o HTML arbitrario a través de un parámetro no especificado, también conocido como Bug ID CSCum16686. • http://osvdb.org/102319 http://secunia.com/advisories/56563 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670 http://tools.cisco.com/security/center/viewAlert.x?alertId=32514 http://www.securityfocus.com/bid/65053 http://www.securitytracker.com/id/1029667 https://exchange.xforce.ibmcloud.com/vulnerabilities/90615 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. Vulnerabilidad de redirección abierta en Cisco MediaSense permite a atacantes remotos redirigir usuarios hacia sitios Web arbitrarios y llevar a cabo ataques de phishing a través de un parámetro no especificado, también conocido Bug ID CSCum16749. • http://osvdb.org/102341 http://secunia.com/advisories/56544 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0671 http://tools.cisco.com/security/center/viewAlert.x?alertId=32517 http://www.securityfocus.com/bid/65055 http://www.securitytracker.com/id/1029669 https://exchange.xforce.ibmcloud.com/vulnerabilities/90617 • CWE-20: Improper Input Validation •