Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2018-7340 | Improper Verification of Cryptographic Signature vulnerability in Cisco DUO Network Gateway Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 7.5 |
| 2019-04-04 | CVE-2019-1828 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. | 8.1 |
| 2019-03-28 | CVE-2019-1756 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 7.2 |
| 2019-03-28 | CVE-2019-1755 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. | 7.2 |
| 2019-03-28 | CVE-2019-1754 | Improper Privilege Management vulnerability in Cisco IOS XE A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. | 8.8 |
| 2019-03-28 | CVE-2019-1753 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. | 8.8 |
| 2019-03-28 | CVE-2019-1752 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 7.5 |
| 2019-03-28 | CVE-2019-1751 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. | 7.5 |
| 2019-03-28 | CVE-2019-1750 | 7PK - Errors vulnerability in Cisco IOS XE A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. | 7.4 |
| 2019-03-28 | CVE-2019-1749 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.4 |