Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12300 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.0 |
| 2017-11-16 | CVE-2017-12299 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 2.2(1.58) A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. | 5.0 |
| 2017-11-16 | CVE-2017-12292 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12291 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12290 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-02 | CVE-2017-12295 | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.0 |
| 2017-11-02 | CVE-2017-12294 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 3.5 |
| 2017-11-02 | CVE-2017-12283 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Aironet 3800 Firmware A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. | 2.9 |
| 2017-11-02 | CVE-2017-12282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 5.7 |
| 2017-11-02 | CVE-2017-12281 | Improper Authentication vulnerability in Cisco products A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. | 5.4 |