Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2015-0689 | Data Processing Errors vulnerability in Cisco Cloud web Security Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 7.5 |
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
| 2017-09-13 | CVE-2017-12249 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Meeting Server A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. | 9.1 |
| 2017-09-07 | CVE-2017-6796 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 6.7 |
| 2017-09-07 | CVE-2017-6795 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 4.4 |
| 2017-09-07 | CVE-2017-6794 | Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. | 6.7 |
| 2017-09-07 | CVE-2017-6793 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. | 6.5 |
| 2017-09-07 | CVE-2017-6792 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. | 6.5 |
| 2017-09-07 | CVE-2017-6791 | Unspecified vulnerability in Cisco Unified Communications Manager A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2017-09-07 | CVE-2017-6789 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.0(1)Es10 A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. | 6.1 |