Cisco vulnerabilities: High risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-03-06 | CVE-2019-1591 | OS Command Injection vulnerability in Cisco NX-OS | A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. | local | low | cisco | CWE-78 | 7.8 |
| 2019-03-06 | CVE-2019-1585 | Configuration vulnerability in Cisco products | A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. | local | low | cisco | CWE-16 | 7.8 |
| 2019-02-28 | CVE-2019-1674 | OS Command Injection vulnerability in Cisco products | A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. | network | low | cisco | CWE-78 | 8.8 |
| 2019-02-25 | CVE-2019-1689 | Improper Input Validation vulnerability in Cisco Webex Teams | A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. | network | low | cisco | CWE-20 | 7.3 |
| 2019-02-25 | CVE-2019-1683 | Improper Certificate Validation vulnerability in Cisco products | A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. | network | high | cisco | CWE-295 | 7.4 |
| 2019-02-21 | CVE-2019-1681 | Path Traversal vulnerability in Cisco IOS XR | A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. | network | low | cisco | CWE-22 | 7.5 |
| 2019-02-21 | CVE-2019-1664 | Improper Authentication vulnerability in Cisco HyperFlex HX Data Platform | A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. | local | low | cisco | CWE-287 | 7.8 |
| 2019-02-21 | CVE-2019-1659 | Improper Certificate Validation vulnerability in Cisco Prime Infrastructure | A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. | network | high | cisco | CWE-295 | 7.4 |
| 2019-02-20 | CVE-2018-15380 | OS Command Injection vulnerability in Cisco HyperFlex HX Data Platform 3.0(1A)/3.5(1A) | A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. | | low | cisco | CWE-78 | 8.8 |
| 2019-02-12 | CVE-2019-1688 | Use of Hard-coded Credentials vulnerability in Cisco Network Assurance Engine 3.0(1) | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. | local | low | cisco | CWE-798 | 7.1 |