Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-21 | CVE-2019-1904 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE 16.1.3/16.2.1/16.3.1 A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-06-20 | CVE-2019-1906 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.6 A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. | 4.0 |
| 2019-06-20 | CVE-2019-1905 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2/12.0.0 A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 5.0 |
| 2019-06-20 | CVE-2019-1903 | XXE vulnerability in Cisco Security Manager 4.14 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 6.4 |
| 2019-06-20 | CVE-2019-1899 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. | 5.0 |
| 2019-06-20 | CVE-2019-1898 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. | 5.0 |
| 2019-06-20 | CVE-2019-1897 | Missing Authentication for Critical Function vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. | 5.0 |
| 2019-06-20 | CVE-2019-1879 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2019-06-20 | CVE-2019-1878 | OS Command Injection vulnerability in Cisco Telepresence CE and Telepresence TC A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. | 8.3 |
| 2019-06-20 | CVE-2019-1876 | Missing Authentication for Critical Function vulnerability in Cisco Wide Area Application Services 5.5(7)/6.1(1)/6.4(3B) A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. | 5.0 |