Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-12651 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. | 8.8 |
| 2019-09-25 | CVE-2019-12650 | OS Command Injection vulnerability in Cisco IOS and IOS XE Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. | 8.8 |
| 2019-09-25 | CVE-2019-12649 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 6.7 |
| 2019-09-25 | CVE-2019-12648 | Incorrect Authorization vulnerability in Cisco IOS 15.7(3)M3 A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. | 8.8 |
| 2019-09-25 | CVE-2019-12647 | NULL Pointer Dereference vulnerability in Cisco IOS XE Fuji16.7.1/Fuji16.8.1 A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2019-09-25 | CVE-2019-12646 | Improper Initialization vulnerability in Cisco IOS XE A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2019-09-18 | CVE-2019-1975 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco products A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. | 6.1 |
| 2019-09-18 | CVE-2019-12620 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. | 5.3 |
| 2019-09-05 | CVE-2019-1976 | Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 9.8 |
| 2019-09-05 | CVE-2019-1939 | Improper Privilege Management vulnerability in Cisco Webex Teams 3.0.4533 A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. | 8.8 |