Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-17 | CVE-2017-6776 | Cross-site Scripting vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 6.1 |
| 2017-08-17 | CVE-2017-6775 | Unspecified vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. | 5.7 |
| 2017-08-17 | CVE-2017-6774 | Files or Directories Accessible to External Parties vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. | 5.0 |
| 2017-08-17 | CVE-2017-6773 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. | 6.7 |
| 2017-08-17 | CVE-2017-6772 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. | 4.3 |
| 2017-08-17 | CVE-2017-6771 | Information Exposure vulnerability in Cisco Ultra Services Framework 21.0.V0.65839 A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. | 7.5 |
| 2017-08-17 | CVE-2017-6768 | Untrusted Search Path vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. | 7.8 |
| 2017-08-17 | CVE-2017-6767 | Improper Privilege Management vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. | 7.1 |
| 2017-08-17 | CVE-2017-6710 | OS Command Injection vulnerability in Cisco Virtual Network Function Element Manager 5.0.3/5.1.3 A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. | 8.1 |
| 2017-08-07 | CVE-2017-6770 | Improper Input Validation vulnerability in Cisco products Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. | 4.2 |