Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0471 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XE 16.6.1/16.6.2 A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. | 7.4 |
| 2018-10-05 | CVE-2018-0470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE 16.2.0/16.3(1) A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-10-05 | CVE-2018-0467 | Improper Input Validation vulnerability in Cisco IOS XE 15.6(2)Sp/16.6.1/Everest16.6.1 A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. | 8.6 |
| 2018-10-05 | CVE-2018-0463 | Unspecified vulnerability in Cisco Network Services Orchestrator 1.2.0 A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. | 7.5 |
| 2018-10-05 | CVE-2018-0455 | Unspecified vulnerability in Cisco Firepower System Software A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. | 7.5 |
| 2018-10-05 | CVE-2018-0454 | Command Injection vulnerability in Cisco Cloud Services Platform 2100 Firmware 2.2(4) A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. | 8.8 |
| 2018-10-05 | CVE-2018-0453 | OS Command Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. | 8.2 |
| 2018-10-05 | CVE-2018-0451 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Tetration Analytics 2.0(2.20)/2.1(1.31) A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0446 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Network Level Service 1.5(0.128) A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0445 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1) A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. | 8.8 |