Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-0356 | Cross-site Scripting vulnerability in Cisco Webex Meetings T32 A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0355 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Unified Communications Manager A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0354 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0352 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Wide Area Application Services 6.2(3) A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. | 6.7 |
| 2018-06-07 | CVE-2018-0340 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 5.4 |
| 2018-06-07 | CVE-2018-0339 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.126) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 6.1 |
| 2018-06-07 | CVE-2018-0338 | Incorrect Authorization vulnerability in Cisco Unified Computing System A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. | 7.8 |
| 2018-06-07 | CVE-2018-0336 | Missing Authorization vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. | 8.8 |
| 2018-06-07 | CVE-2018-0335 | Insufficiently Protected Credentials vulnerability in Cisco Prime Collaboration 12.2 A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. | 7.8 |
| 2018-06-07 | CVE-2018-0334 | Improper Certificate Validation vulnerability in Cisco Anyconnect Secure Mobility Client 4.6(100) A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. | 4.8 |