Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-0319 | Improper Authentication vulnerability in Cisco products A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 9.8 |
| 2018-06-07 | CVE-2018-0318 | Improper Authentication vulnerability in Cisco products A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 9.8 |
| 2018-06-07 | CVE-2018-0315 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.7.1/16.8.1 A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. | 9.8 |
| 2018-05-17 | CVE-2018-0271 | Improper Authentication vulnerability in Cisco Digital Network Architecture Center 1.1/1.1.1 A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. | 9.8 |
| 2018-05-17 | CVE-2018-0268 | Improperly Implemented Security Check for Standard vulnerability in Cisco Digital Network Architecture Center A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. | 10.0 |
| 2018-05-17 | CVE-2018-0222 | Use of Hard-coded Credentials vulnerability in Cisco Digital Network Architecture Center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. | 10.0 |
| 2018-05-02 | CVE-2018-0264 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. | 9.6 |
| 2018-05-02 | CVE-2018-0258 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. | 9.8 |
| 2018-05-02 | CVE-2018-0253 | Improper Input Validation vulnerability in Cisco Secure Access Control System A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. | 9.8 |
| 2018-04-19 | CVE-2018-0238 | Improper Authentication vulnerability in Cisco Unified Computing System Director 6.5(0.0)/6.5(0.1) A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on any virtual machine. | 9.9 |