Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12306 | Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815 A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. | 4.4 |
| 2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 6.7 |
| 2017-11-16 | CVE-2017-12304 | Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. | 6.1 |
| 2017-11-16 | CVE-2017-12303 | Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235 A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. | 5.3 |
| 2017-11-16 | CVE-2017-12302 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.3 |
| 2017-11-16 | CVE-2017-12300 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.8 |
| 2017-11-16 | CVE-2017-12299 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 2.2(1.58) A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. | 5.3 |
| 2017-11-16 | CVE-2017-12292 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12291 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12290 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |