Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-20 | CVE-2019-1629 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. | 5.0 |
2019-06-20 | CVE-2019-1627 | Information Exposure vulnerability in Cisco products A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. | 4.0 |
2019-06-20 | CVE-2019-1626 | Permissions, Privileges, and Access Controls vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. | 6.5 |
2019-06-05 | CVE-2019-1881 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Network Director 1.5(0.250) A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
2019-06-05 | CVE-2019-1872 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. | 5.0 |
2019-06-05 | CVE-2019-1870 | Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email 11.6(1)/11.6(1)Es6 A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2019-06-05 | CVE-2019-1868 | Unspecified vulnerability in Cisco Webex Meetings Server 2.6 A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. | 5.0 |
2019-06-05 | CVE-2019-1845 | Improper Input Validation vulnerability in Cisco products A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition. | 5.0 |
2019-06-05 | CVE-2019-1842 | Improper Authentication vulnerability in Cisco IOS XR Firmware A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. | 5.5 |
2019-05-16 | CVE-2019-1780 | Argument Injection or Modification vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. | 6.7 |