Vulnerabilities > Cisco

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-3811 | XXE vulnerability in Cisco Webex Meetings Server 2.6: An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. | network, low complexity, cisco CWE-611, 4.0 |
| 2017-03-15 | CVE-2017-3854 | Improper Authentication vulnerability in Cisco products: A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. | low complexity, cisco CWE-287, 8.3 |
| 2017-03-15 | CVE-2017-3846 | Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. | network, low complexity, cisco CWE-20, 5.0 |
| 2017-03-15 | CVE-2017-3831 | Improper Authentication vulnerability in Cisco Aironet Access Point Software: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. | network, low complexity, cisco CWE-287, critical, 10.0 |
| 2017-03-15 | CVE-2017-3819 | Missing Authentication for Critical Function vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. | network, low complexity, cisco CWE-306, critical, 9.0 |
| 2017-03-01 | CVE-2017-3826 | Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software: A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. | network, low complexity, cisco CWE-20, 5.0 |
| 2017-02-22 | CVE-2017-3847 | Cross-site Scripting vulnerability in Cisco Firepower Management Center 6.2.1: A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | network, cisco CWE-79, 3.5 |
| 2017-02-22 | CVE-2017-3845 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | network, cisco CWE-79, 4.3 |
| 2017-02-22 | CVE-2017-3844 | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0: A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. | network, low complexity, cisco CWE-20, 4.0 |
| 2017-02-22 | CVE-2017-3843 | Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0: A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. | network, low complexity, cisco CWE-20, 4.0 |