Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-02 | CVE-2017-12243 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. | 7.2 |
| 2017-10-24 | CVE-2014-0691 | Insufficient Entropy vulnerability in Cisco Webex Meetings Server 1.0 Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. | 5.0 |
| 2017-10-23 | CVE-2017-15805 | Path Traversal vulnerability in Cisco products Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | 5.0 |
| 2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 4.6 |
| 2017-10-19 | CVE-2017-3883 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Extensible Operating System, Fxos and Nx-Os A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 8.6 |
| 2017-10-19 | CVE-2017-12301 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. | 7.2 |
| 2017-10-19 | CVE-2017-12298 | Cross-site Scripting vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 4.3 |
| 2017-10-19 | CVE-2017-12296 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6/2.7/2.8 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 4.3 |
| 2017-10-19 | CVE-2017-12293 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Server 2.7 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2017-10-19 | CVE-2017-12289 | Information Exposure vulnerability in Cisco IOS A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. | 2.1 |