Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2019-1879 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2019-06-20 | CVE-2019-1876 | Missing Authentication for Critical Function vulnerability in Cisco Wide Area Application Services 5.5(7)/6.1(1)/6.4(3B) A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. | 5.3 |
| 2019-06-20 | CVE-2019-1875 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 4.8 |
| 2019-06-20 | CVE-2019-1631 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. | 5.3 |
| 2019-06-20 | CVE-2019-1630 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. | 5.5 |
| 2019-06-20 | CVE-2019-1629 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. | 5.3 |
| 2019-06-20 | CVE-2019-1628 | Integer Underflow (Wrap or Wraparound) vulnerability in Cisco products A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. | 5.5 |
| 2019-06-20 | CVE-2019-1627 | Cleartext Storage of Sensitive Information vulnerability in Cisco products A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. | 6.5 |
| 2019-06-20 | CVE-2019-1623 | OS Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. | 6.7 |
| 2019-06-05 | CVE-2019-1882 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.5(0.250) A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. | 5.4 |