Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-15 | CVE-2019-1726 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. | 7.8 |
| 2019-05-15 | CVE-2019-1717 | Path Traversal vulnerability in Cisco Video Surveillance Manager 7.21 A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. | 7.5 |
| 2019-05-13 | CVE-2019-1862 | Improper Input Validation vulnerability in Cisco IOS XE 16.3.7 A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 7.2 |
| 2019-05-03 | CVE-2019-1859 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. | 7.2 |
| 2019-05-03 | CVE-2019-1857 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 8.8 |
| 2019-05-03 | CVE-2019-1836 | Link Following vulnerability in Cisco Nx-Os 14.0(3D) A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. | 7.1 |
| 2019-05-03 | CVE-2019-1817 | Improper Input Validation vulnerability in Cisco web Security Appliance A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2019-05-03 | CVE-2019-1816 | Improper Input Validation vulnerability in Cisco web Security Appliance A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 7.8 |
| 2019-05-03 | CVE-2019-1807 | Session Fixation vulnerability in Cisco Umbrella A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. | 8.8 |
| 2019-05-03 | CVE-2019-1724 | Improper Authentication vulnerability in Cisco products A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 8.8 |