Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-12627 | Improper Access Control vulnerability in Cisco Firepower Threat Defense A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. | 5.0 |
| 2019-08-21 | CVE-2019-12626 | Improper Input Validation vulnerability in Cisco Unified Contact Center Express 12.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
| 2019-08-21 | CVE-2019-12624 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2019-08-21 | CVE-2019-12623 | File and Directory Information Exposure vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. | 4.0 |
| 2019-08-21 | CVE-2019-12622 | Permission Issues vulnerability in Cisco products A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. | 7.2 |
| 2019-08-21 | CVE-2019-12621 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco products A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. | 5.8 |
| 2019-08-08 | CVE-2019-1973 | Cross-site Scripting vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure 3.11.1/3.5.1/3.5.2 A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 3.5 |
| 2019-08-08 | CVE-2019-1972 | Unspecified vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. | 7.2 |
| 2019-08-08 | CVE-2019-1971 | Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. | 10.0 |
| 2019-08-08 | CVE-2019-1970 | Protection Mechanism Failure vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. | 5.0 |