Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-17 | CVE-2017-6767 | Improper Privilege Management vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. | 7.1 |
| 2017-08-17 | CVE-2017-6710 | OS Command Injection vulnerability in Cisco Virtual Network Function Element Manager 5.0.3/5.1.3 A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. | 8.1 |
| 2017-08-07 | CVE-2017-6770 | Improper Input Validation vulnerability in Cisco products Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. | 4.2 |
| 2017-08-07 | CVE-2017-6769 | Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(0.8)/5.8(1.5) A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. | 5.4 |
| 2017-08-07 | CVE-2017-6766 | Unspecified vulnerability in Cisco Firesight System Software A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. | 7.5 |
| 2017-08-07 | CVE-2017-6765 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.1(6.11)/9.4(1.2) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. | 6.1 |
| 2017-08-07 | CVE-2017-6764 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.5(1) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-08-07 | CVE-2017-6763 | Improper Input Validation vulnerability in Cisco Meeting Server 2.1.4 A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. | 7.5 |
| 2017-08-07 | CVE-2017-6762 | Cross-site Scripting vulnerability in Cisco Jabber Guest A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 6.1 |
| 2017-08-07 | CVE-2017-6761 | Cross-site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1) A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |