Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-0228 | Improper Locking vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. | 8.6 |
| 2018-04-19 | CVE-2018-0227 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. | 7.5 |
| 2018-04-19 | CVE-2018-0112 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. | 9.0 |
| 2018-04-02 | CVE-2018-0194 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. | 7.8 |
| 2018-03-28 | CVE-2018-0196 | Unspecified vulnerability in Cisco IOS XE 16.1.2/16.2.0/16.3(1) A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. | 4.9 |
| 2018-03-28 | CVE-2018-0195 | Improper Authentication vulnerability in Cisco IOS XE A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. | 8.8 |
| 2018-03-28 | CVE-2018-0193 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. | 7.8 |
| 2018-03-28 | CVE-2018-0190 | Cross-site Scripting vulnerability in Cisco IOS XE Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. | 6.1 |
| 2018-03-28 | CVE-2018-0189 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. | 5.3 |
| 2018-03-28 | CVE-2018-0188 | Cross-site Scripting vulnerability in Cisco IOS XE Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. | 6.1 |