Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-6794 | Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. | 6.7 |
| 2017-09-07 | CVE-2017-6793 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. | 6.5 |
| 2017-09-07 | CVE-2017-6792 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. | 6.5 |
| 2017-09-07 | CVE-2017-6791 | Unspecified vulnerability in Cisco Unified Communications Manager A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2017-09-07 | CVE-2017-6789 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.0(1)Es10 A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. | 6.1 |
| 2017-09-07 | CVE-2017-6780 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. | 7.5 |
| 2017-09-07 | CVE-2017-6631 | Unspecified vulnerability in Cisco products A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2017-09-07 | CVE-2017-6627 | Improper Resource Shutdown or Release vulnerability in Cisco IOS and IOS XE A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. | 7.5 |
| 2017-09-07 | CVE-2017-12227 | SQL Injection vulnerability in Cisco Emergency Responder A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. | 5.4 |
| 2017-09-07 | CVE-2017-12225 | Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5) A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. | 6.5 |