Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2017-09-07 CVE-2017-6627 Improper Resource Shutdown or Release vulnerability in Cisco IOS and IOS XE
A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition.
network
low complexity
cisco CWE-404
7.5
2017-09-07 CVE-2017-12227 SQL Injection vulnerability in Cisco Emergency Responder
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack.
network
low complexity
cisco CWE-89
5.4
2017-09-07 CVE-2017-12225 Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5)
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability.
network
low complexity
cisco CWE-384
6.5
2017-09-07 CVE-2017-12224 Information Exposure vulnerability in Cisco Meeting Server
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied.
network
low complexity
cisco CWE-200
6.5
2017-09-07 CVE-2017-12223 Improper Input Validation vulnerability in Cisco Ir800 Integrated Services Router Firmware
A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system.
high complexity
cisco CWE-20
6.4
2017-09-07 CVE-2017-12221 Cross-site Scripting vulnerability in Cisco Firepower Management Center
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.
network
low complexity
cisco CWE-79
5.4
2017-09-07 CVE-2017-12220 Cross-site Scripting vulnerability in Cisco Firepower Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-09-07 CVE-2017-12218 Improper Input Validation vulnerability in Cisco Asyncos
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user.
network
low complexity
cisco CWE-20
5.8
2017-09-07 CVE-2017-12217 Improper Input Validation vulnerability in Cisco ASR 5500 Firmware
A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
5.3
2017-09-07 CVE-2017-12216 XXE vulnerability in Cisco Socialminer
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system.
network
low complexity
cisco CWE-611
8.8