Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12630 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 7.5 |
| 2019-09-25 | CVE-2019-12717 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. | 7.2 |
| 2019-09-25 | CVE-2019-12709 | OS Command Injection vulnerability in Cisco IOS XR A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. | 7.2 |
| 2019-09-25 | CVE-2019-12672 | Link Following vulnerability in Cisco IOS 16.9.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. | 7.2 |
| 2019-09-25 | CVE-2019-12671 | Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). | 7.8 |
| 2019-09-25 | CVE-2019-12670 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 4.6 |
| 2019-09-25 | CVE-2019-12669 | Improper Input Validation vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1 A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2019-09-25 | CVE-2019-12668 | Cross-site Scripting vulnerability in Cisco IOS and IOS XE A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. | 3.5 |
| 2019-09-25 | CVE-2019-12667 | Cross-site Scripting vulnerability in Cisco IOS XE A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 3.5 |
| 2019-09-25 | CVE-2019-12666 | Path Traversal vulnerability in Cisco IOS XE A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. | 7.2 |