Vulnerabilities > Cisco > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-07-24 | CVE-2017-11588 | OS Command Injection vulnerability in Cisco Residential Gateway Firmware Ddr2200Bnaannexafccv00.00.03.45.4E/Ddr2201V1Naannexafccv00.00.03.28.3 | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. | 9.8 |
2017-07-20 | CVE-2017-11502 | Information Exposure vulnerability in Cisco Dpc3928Ad Docsis Wireless Router Firmware | Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | 9.8 |
2017-07-06 | CVE-2017-6714 | OS Command Injection vulnerability in Cisco Ultra Services Framework Staging Server 5.0.2 | A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. | 9.8 |
2017-07-06 | CVE-2017-6713 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Elastic Services Controller | A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. | 9.8 |
2017-07-06 | CVE-2017-6711 | Improper Authentication vulnerability in Cisco Ultra Services Framework | A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. | 9.1 |
2017-07-06 | CVE-2017-6709 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Framework | A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. | 9.8 |
2017-07-06 | CVE-2017-6708 | Information Exposure vulnerability in Cisco Ultra Services Framework | A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. | 9.8 |
2017-06-13 | CVE-2017-6667 | Improper Input Validation vulnerability in Cisco Context Service Development KIT 2.0 | A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. | 9.8 |
2017-06-08 | CVE-2017-6640 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Prime Data Center Network Manager 10.1.0/10.1(1)/10.1(2) | A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. | 9.8 |
2017-06-08 | CVE-2017-6639 | Missing Authorization vulnerability in Cisco Prime Data Center Network Manager 10.1.0/10.1(1)/10.1(2) | A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. | 9.8 |