Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-1667 | Incorrect Authorization vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. | 2.1 |
| 2019-02-21 | CVE-2019-1666 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. | 5.0 |
| 2019-02-21 | CVE-2019-1665 | Cross-site Scripting vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2019-02-21 | CVE-2019-1664 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. | 7.2 |
| 2019-02-21 | CVE-2019-1662 | Improper Authentication vulnerability in Cisco Prime Collaboration Assurance A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. | 6.4 |
| 2019-02-21 | CVE-2019-1659 | Improper Certificate Validation vulnerability in Cisco Prime Infrastructure A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. | 5.8 |
| 2019-02-20 | CVE-2018-15380 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A)/3.5(1A) A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. | 8.3 |
| 2019-02-12 | CVE-2019-1688 | Use of Hard-coded Credentials vulnerability in Cisco Network Assurance Engine 3.0(1) A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. | 7.1 |
| 2019-02-08 | CVE-2019-1676 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the Session Initiation Protocol (SIP) call processing of Cisco Meeting Server (CMS) software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Cisco Meeting Server. | 5.0 |
| 2019-02-08 | CVE-2019-1672 | Resource Exhaustion vulnerability in Cisco web Security Appliance 10.1.0204/10.5.2072/11.5.1Fcs115 A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. | 5.0 |