Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-06 | CVE-2017-6711 | Improper Authentication vulnerability in Cisco Ultra Services Framework A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. | 9.1 |
| 2017-07-06 | CVE-2017-6709 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Framework A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. | 9.8 |
| 2017-07-06 | CVE-2017-6708 | Information Exposure vulnerability in Cisco Ultra Services Framework A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. | 9.8 |
| 2017-07-06 | CVE-2017-6707 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. | 8.2 |
| 2017-07-04 | CVE-2017-6725 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6724 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.1(0.0) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6722 | Improper Authentication vulnerability in Cisco Unified Contact Center Express 11.5.1Es01/11.5.1Su1/11.5(1) A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. | 6.1 |
| 2017-07-04 | CVE-2017-6721 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.3(1) A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. | 5.3 |
| 2017-07-04 | CVE-2017-6719 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. | 6.7 |
| 2017-07-04 | CVE-2017-6718 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. | 6.7 |