Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-08 | CVE-2018-0116 | Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. | 7.2 |
| 2018-02-08 | CVE-2018-0113 | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.5(1C) A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. | 8.8 |
| 2018-01-31 | CVE-2018-0136 | Unspecified vulnerability in Cisco IOS XR 5.3.4 A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-01-18 | CVE-2018-0110 | Incorrect Authorization vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. | 8.1 |
| 2018-01-18 | CVE-2018-0107 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. | 8.8 |
| 2018-01-18 | CVE-2018-0102 | Double Free vulnerability in Cisco Nx-Os 7.2(1)D(1)/7.2(2)D1(1)/7.2(2)D1(2) A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.4 |
| 2018-01-18 | CVE-2018-0099 | OS Command Injection vulnerability in Cisco D9800 Firmware A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
| 2018-01-18 | CVE-2018-0095 | Unspecified vulnerability in Cisco Asyncos 9.1.1005/9.7.2065 A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. | 7.8 |
| 2018-01-18 | CVE-2018-0094 | Resource Exhaustion vulnerability in Cisco Unified Computing System Central Software 1.4(1A) A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. | 7.5 |
| 2018-01-18 | CVE-2018-0092 | Missing Authorization vulnerability in Cisco Nx-Os 7.0(3)I5(2)/7.0(3)I6(1)/7.0(3)I7(1) A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. | 7.1 |