Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-13 | CVE-2017-6680 | Improper Input Validation vulnerability in Cisco Ultra Services Framework 21.0.0 A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. | 5.0 |
2017-06-13 | CVE-2017-6675 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.1(0.176) A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. | 4.3 |
2017-06-13 | CVE-2017-6674 | Improper Input Validation vulnerability in Cisco Firesight System A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. | 5.0 |
2017-06-13 | CVE-2017-6673 | Information Exposure vulnerability in Cisco Firepower Management Center 6.1.0.2/6.2.0 A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. | 4.0 |
2017-06-13 | CVE-2017-6671 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.1087/9.7.1066 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. | 5.0 |
2017-06-13 | CVE-2017-6670 | Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. | 5.8 |
2017-06-13 | CVE-2017-6668 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
2017-06-13 | CVE-2017-6667 | Improper Input Validation vulnerability in Cisco Context Service Development KIT 2.0 A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. | 10.0 |
2017-06-13 | CVE-2017-6666 | Local Denial of Service vulnerability in Cisco IOS XR Software A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. local cisco | 1.9 |
2017-06-13 | CVE-2017-6661 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. | 4.3 |