Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12332 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. | 4.4 |
| 2017-11-30 | CVE-2017-12331 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. | 6.7 |
| 2017-11-30 | CVE-2017-12330 | Command Injection vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(0)Bd(0.20)/8.1(1) A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 6.3 |
| 2017-11-30 | CVE-2017-12329 | Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 6.3 |
| 2017-11-30 | CVE-2017-12328 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. | 5.8 |
| 2017-11-30 | CVE-2017-12297 | Improper Input Validation vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. | 5.0 |
| 2017-11-16 | CVE-2017-12350 | Use of Hard-coded Credentials vulnerability in Cisco Umbrella Insights Virtual Appliance A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. | 8.2 |
| 2017-11-16 | CVE-2017-12337 | Improper Authentication vulnerability in Cisco products A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. | 9.8 |
| 2017-11-16 | CVE-2017-12323 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12322 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |