Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-13 | CVE-2017-6680 | Improper Input Validation vulnerability in Cisco Ultra Services Framework 21.0.0 A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. | 7.5 |
| 2017-06-13 | CVE-2017-6674 | Improper Input Validation vulnerability in Cisco Firesight System A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. | 7.5 |
| 2017-06-13 | CVE-2017-6671 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.1087/9.7.1066 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. | 7.5 |
| 2017-06-13 | CVE-2017-6659 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 11.5(0)/11.6 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
| 2017-06-08 | CVE-2017-6648 | Unspecified vulnerability in Cisco Telepresence CE Software and Telepresence TC Software A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |
| 2017-06-08 | CVE-2017-6638 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. | 7.8 |
| 2017-05-22 | CVE-2017-6653 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Identity Services Engine 2.1(0.474) A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. | 7.5 |
| 2017-05-22 | CVE-2017-6650 | Command Injection vulnerability in Cisco Nx-Os A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2017-05-22 | CVE-2017-6649 | Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. | 7.8 |
| 2017-05-22 | CVE-2017-6641 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Remote Expert Manager 11.0.0 A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. | 7.5 |