Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-10 | CVE-2019-1867 | Improper Authentication vulnerability in Cisco Elastic Services Controller A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. | 10.0 |
| 2019-05-03 | CVE-2019-1804 | Insecure Default Initialization of Resource vulnerability in Cisco products A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. | 9.8 |
| 2019-04-17 | CVE-2019-1710 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. | 9.8 |
| 2019-03-22 | CVE-2019-1716 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. | 9.8 |
| 2019-03-13 | CVE-2019-1723 | Use of Hard-coded Credentials vulnerability in Cisco Common Services Platform Collector A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. | 9.8 |
| 2019-02-28 | CVE-2019-1663 | Out-of-bounds Write vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 9.8 |
| 2019-02-21 | CVE-2019-1662 | Improper Authentication vulnerability in Cisco Prime Collaboration Assurance A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. | 9.1 |
| 2019-01-10 | CVE-2018-0181 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. | 9.8 |
| 2018-12-23 | CVE-2018-20392 | Insufficiently Protected Credentials vulnerability in Cisco Dpc2100 Firmware 2.0.2R1256060303 S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 9.8 |
| 2018-11-28 | CVE-2018-15441 | SQL Injection vulnerability in Cisco Prime License Manager 11.0.1/11.5/11.5(1) A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 9.8 |