Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2017-11-16 CVE-2017-12313 Untrusted Search Path vulnerability in Cisco Packet Tracer
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker.
local
low complexity
cisco CWE-426
6.7
2017-11-16 CVE-2017-12312 Untrusted Search Path vulnerability in Cisco Advanced Malware Protection for Endpoints 3.1.0
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker.
local
low complexity
cisco CWE-426
6.7
2017-11-16 CVE-2017-12311 Improper Input Validation vulnerability in Cisco Meeting Server
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame.
network
low complexity
cisco CWE-20
5.8
2017-11-16 CVE-2017-12309 HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack.
network
low complexity
cisco CWE-113
5.3
2017-11-16 CVE-2017-12306 Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass.
local
low complexity
cisco CWE-494
4.4
2017-11-16 CVE-2017-12305 OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection.
local
low complexity
cisco CWE-78
6.7
2017-11-16 CVE-2017-12304 Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device.
network
low complexity
cisco CWE-79
6.1
2017-11-16 CVE-2017-12303 Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule.
network
low complexity
cisco CWE-358
5.3
2017-11-16 CVE-2017-12302 SQL Injection vulnerability in Cisco Unified Communications Domain Manager
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
4.3
2017-11-16 CVE-2017-12300 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol.
network
low complexity
cisco CWE-20
5.8