Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-03 | CVE-2019-1724 | Improper Authentication vulnerability in Cisco products A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 8.8 |
| 2019-05-03 | CVE-2019-1715 | Insufficient Entropy in PRNG vulnerability in Cisco products A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. | 7.5 |
| 2019-05-03 | CVE-2019-1714 | Unspecified vulnerability in Cisco products A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. | 8.6 |
| 2019-05-03 | CVE-2019-1713 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2019-05-03 | CVE-2019-1709 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2019-05-03 | CVE-2019-1708 | Memory Leak vulnerability in Cisco products A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. | 8.6 |
| 2019-05-03 | CVE-2019-1706 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. | 8.6 |
| 2019-05-03 | CVE-2019-1704 | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2019-05-03 | CVE-2019-1703 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Threat Defense A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for the Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. | 8.6 |
| 2019-05-03 | CVE-2019-1699 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |