Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-1664 | Improper Access Control vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. | 7.2 |
| 2019-02-20 | CVE-2018-15380 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A)/3.5(1A) A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. | 8.3 |
| 2019-02-12 | CVE-2019-1688 | Use of Hard-coded Credentials vulnerability in Cisco Network Assurance Engine 3.0(1) A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. | 7.1 |
| 2019-02-07 | CVE-2019-1675 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. | 7.8 |
| 2019-01-24 | CVE-2019-1648 | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. | 7.2 |
| 2019-01-24 | CVE-2019-1647 | Improper Access Control vulnerability in Cisco Sd-Wan and Vsmart Controller A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. | 7.7 |
| 2019-01-24 | CVE-2019-1646 | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.2 |
| 2019-01-10 | CVE-2018-15460 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Asyncos A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. | 7.8 |
| 2019-01-10 | CVE-2018-15453 | Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131 A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. | 7.8 |
| 2019-01-10 | CVE-2018-0282 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. network cisco | 7.1 |