Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-20 CVE-2019-1906 Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.6
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation.
network
low complexity
cisco CWE-20
6.5
2019-06-20 CVE-2019-1905 Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2/12.0.0
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.
network
low complexity
cisco CWE-20
5.8
2019-06-20 CVE-2019-1899 Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network.
network
low complexity
cisco CWE-425
5.3
2019-06-20 CVE-2019-1898 Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device.
network
low complexity
cisco CWE-425
5.3
2019-06-20 CVE-2019-1897 Missing Authentication for Critical Function vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router.
network
low complexity
cisco CWE-306
5.3
2019-06-20 CVE-2019-1879 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
6.7
2019-06-20 CVE-2019-1876 Missing Authentication for Critical Function vulnerability in Cisco Wide Area Application Services 5.5(7)/6.1(1)/6.4(3B)
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy.
network
low complexity
cisco CWE-306
5.3
2019-06-20 CVE-2019-1875 Cross-site Scripting vulnerability in Cisco Prime Service Catalog
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.
network
low complexity
cisco CWE-79
4.8
2019-06-20 CVE-2019-1631 Missing Authentication for Critical Function vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information.
network
low complexity
cisco CWE-306
5.3
2019-06-20 CVE-2019-1630 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition.
local
low complexity
cisco CWE-119
5.5