Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0453 | OS Command Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. | 8.2 |
| 2018-10-05 | CVE-2018-0452 | Cross-site Scripting vulnerability in Cisco Tetration Analytics 2.1 A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-0451 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Tetration Analytics 2.0(2.20)/2.1(1.31) A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0450 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.4(2) A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-0448 | Inadequate Encryption Strength vulnerability in Cisco Digital Network Architecture Center A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. | 9.8 |
| 2018-10-05 | CVE-2018-0447 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. | 5.3 |
| 2018-10-05 | CVE-2018-0446 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Network Level Service 1.5(0.128) A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0445 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1) A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0444 | Cross-site Scripting vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1) A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. | 6.1 |
| 2018-10-05 | CVE-2018-0440 | Improper Input Validation vulnerability in Cisco Data Center Network Manager A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. | 7.2 |