Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-12620 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. | 5.3 |
| 2019-09-05 | CVE-2019-1976 | Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 9.8 |
| 2019-09-05 | CVE-2019-1939 | Improper Privilege Management vulnerability in Cisco Webex Teams 3.0.4533 A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. | 8.8 |
| 2019-09-05 | CVE-2019-12645 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Jabber 12.5(0) A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. | 7.8 |
| 2019-09-05 | CVE-2019-12644 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2019-09-05 | CVE-2019-12635 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Content Security Management Appliance A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. | 4.3 |
| 2019-09-05 | CVE-2019-12633 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Contact Center Express A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. | 7.5 |
| 2019-09-05 | CVE-2019-12632 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.6(1)/12.0(1)/12.5(1) A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. | 7.5 |
| 2019-08-30 | CVE-2019-1977 | State Issues vulnerability in Cisco Nx-Os A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. | 7.5 |
| 2019-08-30 | CVE-2019-1969 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. | 5.3 |