Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-10 | CVE-2017-6727 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.2(3A) A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. | 5.0 |
| 2017-07-10 | CVE-2017-6726 | Information Exposure vulnerability in Cisco Prime Network 4.2(1.0)P1 A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. | 2.1 |
| 2017-07-06 | CVE-2017-6714 | OS Command Injection vulnerability in Cisco Ultra Services Framework Staging Server A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. | 10.0 |
| 2017-07-06 | CVE-2017-6713 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Elastic Services Controller A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. | 10.0 |
| 2017-07-06 | CVE-2017-6712 | OS Command Injection vulnerability in Cisco Elastic Services Controller A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. | 9.0 |
| 2017-07-06 | CVE-2017-6711 | Improper Authentication vulnerability in Cisco Ultra Services Framework A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. | 6.4 |
| 2017-07-06 | CVE-2017-6709 | Information Exposure Through Log Files vulnerability in Cisco Ultra Services Framework A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. | 5.0 |
| 2017-07-06 | CVE-2017-6708 | Information Exposure vulnerability in Cisco Ultra Services Framework A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. | 7.5 |
| 2017-07-06 | CVE-2017-6707 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. | 7.2 |
| 2017-07-04 | CVE-2017-6725 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |