Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-0435 Improper Authentication vulnerability in Cisco Umbrella
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations.
network
low complexity
cisco CWE-287
critical
 9.1
9.1
2018-10-05 CVE-2018-0426 Path Traversal vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco CWE-22
critical
 9.8
9.8
2018-10-05 CVE-2018-0425 Improper Privilege Management vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco CWE-269
critical
 9.8
9.8
2018-07-18 CVE-2018-0403 Server-Side Request Forgery (SSRF) vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password.
network
low complexity
cisco CWE-918
critical
 9.8
9.8
2018-07-18 CVE-2018-0399 Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system.
network
low complexity
cisco CWE-918
critical
 9.8
9.8
2018-07-18 CVE-2018-0398 Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack.
network
low complexity
cisco CWE-918
critical
 9.8
9.8
2018-07-18 CVE-2018-0377 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2018-07-18 CVE-2018-0376 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface.
network
low complexity
cisco CWE-306
critical
 9.8
9.8
2018-07-18 CVE-2018-0375 Use of Hard-coded Credentials vulnerability in Cisco Mobility Services Engine and Policy Suite
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials.
network
low complexity
cisco CWE-798
critical
 9.8
9.8
2018-07-18 CVE-2018-0374 Missing Authentication for Critical Function vulnerability in Cisco Mobility Services Engine 14.0.0
A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database.
network
low complexity
cisco CWE-306
critical
 9.8
9.8