Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-22 | CVE-2017-3852 | Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0) A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. | 8.1 |
| 2017-03-22 | CVE-2017-3851 | Path Traversal vulnerability in Cisco IOX 1.1.0/1.1(0) A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. | 7.5 |
| 2017-03-21 | CVE-2017-3849 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 7.4 |
| 2017-03-15 | CVE-2017-3854 | Improper Authentication vulnerability in Cisco products A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. | 8.8 |
| 2017-03-15 | CVE-2017-3846 | Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. | 8.6 |
| 2017-03-15 | CVE-2017-3819 | Missing Authentication for Critical Function vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. | 8.8 |
| 2017-03-01 | CVE-2017-3826 | Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. | 7.5 |
| 2017-02-22 | CVE-2017-3841 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | 7.5 |
| 2017-02-22 | CVE-2017-3837 | Improper Input Validation vulnerability in Cisco Meeting Server An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 8.1 |
| 2017-02-22 | CVE-2017-3835 | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | 8.8 |