Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0426 | Path Traversal vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. | 9.8 |
| 2018-10-05 | CVE-2018-0425 | Improper Privilege Management vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. | 9.8 |
| 2018-10-05 | CVE-2018-0424 | OS Command Injection vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. | 8.8 |
| 2018-10-05 | CVE-2018-0423 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. | 8.1 |
| 2018-10-05 | CVE-2018-0422 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. | 7.3 |
| 2018-10-05 | CVE-2018-0421 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco products A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. | 8.6 |
| 2018-10-05 | CVE-2018-0414 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. | 5.7 |
| 2018-10-05 | CVE-2018-0197 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. | 6.5 |
| 2018-08-15 | CVE-2018-0428 | Improper Privilege Management vulnerability in Cisco web Security Appliance A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. | 6.7 |
| 2018-08-15 | CVE-2018-0427 | OS Command Injection vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module Dnac1.1 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |