Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-16 | CVE-2018-0341 | OS Command Injection vulnerability in Cisco IP Phone Multiplatform Firmware 11.1(2) A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. | 8.8 |
| 2018-06-21 | CVE-2018-0365 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-06-21 | CVE-2018-0364 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-06-21 | CVE-2018-0363 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2018-06-21 | CVE-2018-0358 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
| 2018-06-21 | CVE-2018-0337 | Incorrect Authorization vulnerability in Cisco Nx-Os A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. | 7.8 |
| 2018-06-21 | CVE-2018-0313 | Injection vulnerability in Cisco Nx-Os A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. | 8.8 |
| 2018-06-21 | CVE-2018-0311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2018-06-21 | CVE-2018-0309 | Resource Exhaustion vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1) A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. | 7.7 |
| 2018-06-21 | CVE-2018-0306 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. | 7.8 |