Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0439 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0438 | Improper Privilege Management vulnerability in Cisco Umbrella Enterprise Roaming Client A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |
| 2018-10-05 | CVE-2018-0437 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. | 7.8 |
| 2018-10-05 | CVE-2018-0436 | Improper Privilege Management vulnerability in Cisco Webex Teams A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. | 8.7 |
| 2018-10-05 | CVE-2018-0434 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 7.4 |
| 2018-10-05 | CVE-2018-0433 | OS Command Injection vulnerability in Cisco products A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2018-10-05 | CVE-2018-0432 | OS Command Injection vulnerability in Cisco products A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0431 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0430 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0424 | OS Command Injection vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. | 8.8 |