Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15383 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. | 7.5 |
| 2018-10-05 | CVE-2018-15382 | External Control of Critical State Data vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A) A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. | 7.5 |
| 2018-10-05 | CVE-2018-15379 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Prime Infrastructure A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. | 7.5 |
| 2018-10-05 | CVE-2018-15377 | Memory Leak vulnerability in Cisco IOS 15.7(3.1S)M/Denali16.3.6/Everest16.5.1 A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. | 7.8 |
| 2018-10-05 | CVE-2018-15376 | Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. | 7.2 |
| 2018-10-05 | CVE-2018-15375 | Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. | 7.2 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 7.2 |
| 2018-10-05 | CVE-2018-15373 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS and IOS XE A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. | 6.1 |
| 2018-10-05 | CVE-2018-15372 | Unspecified vulnerability in Cisco IOS XE 16.8.1/16.9.1 A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. low complexity cisco | 4.8 |
| 2018-10-05 | CVE-2018-15371 | Improper Authentication vulnerability in Cisco IOS XE 16.3(1) A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | 7.2 |