Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-07 | CVE-2017-6601 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. | 7.1 |
| 2017-04-07 | CVE-2017-6600 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2017-04-07 | CVE-2017-6599 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XR 6.1.1/6.2.1 A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. | 5.3 |
| 2017-04-07 | CVE-2017-6598 | Missing Authorization vulnerability in Cisco products A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. | 6.7 |
| 2017-04-07 | CVE-2017-6597 | OS Command Injection vulnerability in Cisco products A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2017-04-07 | CVE-2017-3889 | Open Redirect vulnerability in Cisco Registered Envelope Service 5.1.0015 A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. | 6.1 |
| 2017-04-07 | CVE-2017-3888 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.98000.452) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-04-07 | CVE-2017-3887 | Improper Handling of Exceptional Conditions vulnerability in Cisco Firepower Threat Defense 6.0.1/6.1.0/6.2.0 A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. | 5.9 |
| 2017-04-07 | CVE-2017-3886 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.9 |
| 2017-04-07 | CVE-2017-3885 | Resource Exhaustion vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. | 5.9 |