Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-3875 | Improper Input Validation vulnerability in Cisco Nx-Os An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. | 5.0 |
| 2017-03-17 | CVE-2017-3874 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. | 3.5 |
| 2017-03-17 | CVE-2017-3872 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. | 4.3 |
| 2017-03-17 | CVE-2017-3871 | Information Exposure vulnerability in Cisco Prime Optical 10.6(0.1) A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. | 4.0 |
| 2017-03-17 | CVE-2017-3870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Appliance 8.5.3069/9.1.1074/9.1.2010 A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. | 5.0 |
| 2017-03-17 | CVE-2017-3869 | Security Bypass vulnerability in Cisco Prime Infrastructure 3.1(1) An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. | 5.5 |
| 2017-03-17 | CVE-2017-3868 | Cross-site Scripting vulnerability in Cisco Unified Computing System Director 6.0(0.0) A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-03-17 | CVE-2017-3867 | Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. | 5.3 |
| 2017-03-17 | CVE-2017-3866 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
| 2017-03-17 | CVE-2017-3815 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Telepresence Server Software 4.2(4.17)/4.2(4.18)/4.2(4.19) An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. | 5.0 |