Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-0087 Improper Authentication vulnerability in Cisco Asyncos 10.5.1296
A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password.
network
high complexity
cisco CWE-287
5.6
5.6
2018-03-05 CVE-2017-17428 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
network
high complexity
cavium cisco CWE-327
5.9
5.9
2018-02-22 CVE-2018-0206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2018-02-22 CVE-2018-0205 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
network
low complexity
cisco CWE-79
6.1
6.1
2018-02-22 CVE-2018-0204 Weak Password Requirements vulnerability in Cisco Prime Collaboration Provisioning 12.1
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual users.
network
low complexity
cisco CWE-521
7.5
7.5
2018-02-22 CVE-2018-0203 Unspecified vulnerability in Cisco Unity Connection
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability.
network
low complexity
cisco
5.3
5.3
2018-02-22 CVE-2018-0201 Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(.0)
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
low complexity
cisco CWE-79
5.4
5.4
2018-02-22 CVE-2018-0200 Cross-site Scripting vulnerability in Cisco Prime Service Catalog
A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product.
network
low complexity
cisco CWE-79
6.1
6.1
2018-02-22 CVE-2018-0199 Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(0)
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2018-02-22 CVE-2018-0148 Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832)
A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
network
low complexity
cisco CWE-352
8.8
8.8