Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12314 | Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. | 4.6 |
| 2017-11-16 | CVE-2017-12313 | Improper Input Validation vulnerability in Cisco Packet Tracer An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 7.2 |
| 2017-11-16 | CVE-2017-12312 | Improper Input Validation vulnerability in Cisco Advanced Malware Protection for Endpoints 3.1.0 An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 7.2 |
| 2017-11-16 | CVE-2017-12311 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. | 5.0 |
| 2017-11-16 | CVE-2017-12309 | HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. | 5.0 |
| 2017-11-16 | CVE-2017-12306 | Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815 A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. | 2.1 |
| 2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 7.2 |
| 2017-11-16 | CVE-2017-12304 | Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. | 4.3 |
| 2017-11-16 | CVE-2017-12303 | Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235 A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. | 5.0 |
| 2017-11-16 | CVE-2017-12302 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |