Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-08 | CVE-2018-15447 | SQL Injection vulnerability in Cisco Integrated Management Controller A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 9.8 |
| 2018-11-08 | CVE-2018-15439 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. | 9.8 |
| 2018-11-08 | CVE-2018-15394 | Unspecified vulnerability in Cisco Stealthwatch Enterprise 6.10.2 A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. | 9.8 |
| 2018-11-08 | CVE-2018-15381 | Deserialization of Untrusted Data vulnerability in Cisco Unity Express A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. | 9.8 |
| 2018-10-05 | CVE-2018-15427 | Use of Hard-coded Credentials vulnerability in Cisco Video Surveillance Manager 7.10/7.11/7.11.1 A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. | 9.8 |
| 2018-10-05 | CVE-2018-15389 | Use of Hard-coded Credentials vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. | 9.8 |
| 2018-10-05 | CVE-2018-15387 | Improper Certificate Validation vulnerability in Cisco Sd-Wan A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. | 9.8 |
| 2018-10-05 | CVE-2018-15386 | Unspecified vulnerability in Cisco Digital Network Architecture Center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. | 9.8 |
| 2018-10-05 | CVE-2018-15379 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Prime Infrastructure A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. | 9.8 |
| 2018-10-05 | CVE-2018-0448 | Inadequate Encryption Strength vulnerability in Cisco Digital Network Architecture Center A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. | 9.8 |