Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2019-1848 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Digital Network Architecture Center A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. | 4.8 |
| 2019-06-20 | CVE-2019-1843 | Improper Input Validation vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-06-20 | CVE-2019-1632 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.0 |
| 2019-06-20 | CVE-2019-1631 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. | 5.0 |
| 2019-06-20 | CVE-2019-1629 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. | 5.0 |
| 2019-06-20 | CVE-2019-1627 | Information Exposure vulnerability in Cisco products A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. | 4.0 |
| 2019-06-20 | CVE-2019-1626 | Permissions, Privileges, and Access Controls vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. | 6.5 |
| 2019-06-05 | CVE-2019-1881 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Network Director 1.5(0.250) A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2019-06-05 | CVE-2019-1872 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. | 5.0 |
| 2019-06-05 | CVE-2019-1870 | Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email 11.6(1)/11.6(1)Es6 A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |