Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-12675 Improper Encoding or Escaping of Output vulnerability in Cisco products
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace.
local
low complexity
cisco CWE-116
8.8
2019-10-02 CVE-2019-12674 Improper Encoding or Escaping of Output vulnerability in Cisco products
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace.
local
low complexity
cisco CWE-116
8.2
2019-10-02 CVE-2019-12673 Improper Input Validation vulnerability in Cisco Adaptive Security Appliance
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
7.5
2019-09-25 CVE-2019-12717 OS Command Injection vulnerability in Cisco NX-OS
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges.
local
low complexity
cisco CWE-78
7.8
2019-09-25 CVE-2019-12671 Incorrect Authorization vulnerability in Cisco IOS XE 16.11.1
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS).
local
low complexity
cisco CWE-863
7.8
2019-09-25 CVE-2019-12669 Unspecified vulnerability in Cisco IOS 15.2(3)E/15.2(3)E5/16.11.1
A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5
2019-09-25 CVE-2019-12665 Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel.
network
high complexity
cisco
7.4
2019-09-25 CVE-2019-12664 Improper Authentication vulnerability in Cisco IOS XE 16.6.4
A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication.
network
low complexity
cisco CWE-287
7.5
2019-09-25 CVE-2019-12663 Improper Input Validation vulnerability in Cisco IOS XE 16.12.1/16.6.4
A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6
2019-09-25 CVE-2019-12659 Resource Exhaustion vulnerability in Cisco IOS XE 16.10.1
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash.
network
low complexity
cisco CWE-400
7.5