Skip to main content
CVE-2015-6389 CRITICAL Act Now

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Collaboration Assurance
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-6405 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Emergency Responder
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6361 MEDIUM This Month

The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Dpc3939 Wireless Residential Voice Gateway Firmware
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2015-6418 MEDIUM This Month

The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Microsoft Sa520 Sa520W +5
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6400 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Emergency Responder
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6406 MEDIUM This Month

Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Emergency Responder
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-6407 MEDIUM This Month

Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Emergency Responder
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-6413 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Telepresence Video Communication Server Software
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-6414 LOW Monitor

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Video Communication Server Software
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy