Vulnerabilities > Cisco > Low

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2012-0334 Improper Input Validation vulnerability in Cisco Ironport web Security Appliance
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
high complexity
cisco CWE-20
3.2
3.2
2019-11-26 CVE-2019-15968 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system.
network
cisco CWE-79
3.5
3.5
2019-11-26 CVE-2019-15967 Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users.
local
low complexity
cisco
2.1
2.1
2019-10-16 CVE-2019-12637 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.
network
cisco CWE-79
3.5
3.5
2019-10-16 CVE-2019-12638 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface.
network
cisco CWE-79
3.5
3.5
2019-10-16 CVE-2019-12702 Cross-site Scripting vulnerability in Cisco Spa112 Firmware and Spa122 Firmware
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks.
network
cisco CWE-79
3.5
3.5
2019-10-16 CVE-2019-12703 Cross-site Scripting vulnerability in Cisco Spa122 Firmware 1.4.1
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. 		2.9
2.9
2019-10-16 CVE-2019-15265 Improper Input Validation vulnerability in Cisco products
A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state.
local
low complexity
cisco CWE-20
2.1
2.1
2019-10-16 CVE-2019-15266 Path Traversal vulnerability in Cisco Wireless LAN Controller Software
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted.
local
low complexity
cisco CWE-22
2.1
2.1
2019-10-16 CVE-2019-15268 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
cisco CWE-79
3.5
3.5