Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-0181 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. | 7.5 |
| 2018-12-24 | CVE-2018-15465 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. | 8.1 |
| 2018-11-28 | CVE-2018-15441 | SQL Injection vulnerability in Cisco Prime License Manager 11.5(1) A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 7.5 |
| 2018-11-08 | CVE-2018-15447 | SQL Injection vulnerability in Cisco Integrated Management Controller A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 7.5 |
| 2018-11-08 | CVE-2018-15394 | Unspecified vulnerability in Cisco Stealthwatch Enterprise A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. | 7.5 |
| 2018-11-01 | CVE-2018-15454 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-10-24 | CVE-2018-15442 | OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. | 7.2 |
| 2018-10-17 | CVE-2018-0417 | Unspecified vulnerability in Cisco Wireless LAN Controller Software A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. | 7.8 |
| 2018-10-17 | CVE-2018-0378 | Improper Input Validation vulnerability in Cisco Nx-Os 7.3(2)N1(0.8) A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2018-10-05 | CVE-2018-15391 | Incorrect Calculation vulnerability in Cisco Remote PHY A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. | 7.8 |