Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12351 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20) A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. | 5.7 |
| 2017-11-30 | CVE-2017-12349 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 5.4 |
| 2017-11-30 | CVE-2017-12348 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 5.4 |
| 2017-11-30 | CVE-2017-12347 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.1 |
| 2017-11-30 | CVE-2017-12346 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.1 |
| 2017-11-30 | CVE-2017-12345 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.7 |
| 2017-11-30 | CVE-2017-12344 | Open Redirect vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.1 |
| 2017-11-30 | CVE-2017-12343 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.3(1)S3 Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 8.8 |
| 2017-11-30 | CVE-2017-12342 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1) A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. | 6.8 |
| 2017-11-30 | CVE-2017-12341 | Command Injection vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 6.7 |