Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2018-02-08 CVE-2018-0137 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Prime Network 4.3(0.0)Pp6/4.3(2.0)Pp1
A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-770
5.0
2018-02-08 CVE-2018-0135 Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.0(1.24075.1)
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system.
network
low complexity
cisco CWE-20
4.0
2018-02-08 CVE-2018-0134 Information Exposure Through Discrepancy vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid.
network
low complexity
cisco CWE-203
5.0
2018-02-08 CVE-2018-0132 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Carrier Routing System 5.3.0.Rout
A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
5.0
2018-02-08 CVE-2018-0129 Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework 1.0
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
2018-02-08 CVE-2018-0128 Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework
A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
2018-02-08 CVE-2018-0127 Missing Authentication for Critical Function vulnerability in Cisco Rv132W Firmware and Rv134W Firmware
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information.
network
low complexity
cisco CWE-306
5.0
2018-02-08 CVE-2018-0125 Improper Input Validation vulnerability in Cisco Rv132W Firmware and Rv134W Firmware
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
network
low complexity
cisco CWE-20
critical
10.0
2018-02-08 CVE-2018-0123 Path Traversal vulnerability in Cisco IOS and IOS XE
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files.
local
low complexity
cisco CWE-22
4.9
2018-02-08 CVE-2018-0122 OS Command Injection vulnerability in Cisco Staros 21.3.0.67664
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system.
local
low complexity
cisco CWE-78
6.6