Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-0209 | Unspecified vulnerability in Cisco Small Business 500 Series Stackable Managed Switches Firmware 2.2.5.68/2.3.0.130 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. | 7.7 |
| 2018-03-08 | CVE-2018-0208 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0 A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. | 5.4 |
| 2018-03-08 | CVE-2018-0207 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine 5.8(0.8) A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. | 3.3 |
| 2018-03-08 | CVE-2018-0147 | Deserialization of Untrusted Data vulnerability in Cisco Secure Access Control System 5.2(0.3) A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |
| 2018-03-08 | CVE-2018-0144 | Cross-site Scripting vulnerability in Cisco Prime Data Center Network Manager 10.4(1.109) A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-03-08 | CVE-2018-0141 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. | 8.4 |
| 2018-03-08 | CVE-2018-0087 | Improper Authentication vulnerability in Cisco Asyncos 10.5.1296 A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. | 5.6 |
| 2018-03-05 | CVE-2017-17428 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 5.9 |
| 2018-02-22 | CVE-2018-0206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-02-22 | CVE-2018-0205 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. | 6.1 |