Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-13 | CVE-2017-6670 | Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. | 6.1 |
| 2017-06-13 | CVE-2017-6668 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.9 |
| 2017-06-13 | CVE-2017-6667 | Improper Input Validation vulnerability in Cisco Context Service Development KIT 2.0 A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. | 9.8 |
| 2017-06-13 | CVE-2017-6666 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. | 6.0 |
| 2017-06-13 | CVE-2017-6661 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. | 6.1 |
| 2017-06-13 | CVE-2017-6659 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 11.5(0)/11.6 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2017-06-13 | CVE-2017-6656 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. | 5.9 |
| 2017-06-13 | CVE-2017-6655 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. | 6.5 |
| 2017-06-08 | CVE-2017-6648 | Unspecified vulnerability in Cisco Telepresence CE Software and Telepresence TC Software A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |
| 2017-06-08 | CVE-2017-6640 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Prime Data Center Network Manager 10.1.0/10.1(1)/10.1(2) A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. | 9.8 |