Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-15 CVE-2019-1770 OS Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root.
local
low complexity
cisco CWE-78
6.7
2019-05-15 CVE-2019-1769 OS Command Injection vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root.
local
low complexity
cisco CWE-78
6.7
2019-05-15 CVE-2019-1732 Improper Locking vulnerability in Cisco Nx-Os
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection.
local
cisco CWE-667
6.9
2019-05-15 CVE-2019-1729 Improper Input Validation vulnerability in Cisco Nx-Os
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files.
local
low complexity
cisco CWE-20
6.6
2019-05-15 CVE-2019-1726 Improper Input Validation vulnerability in Cisco Nx-Os
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API.
local
low complexity
cisco CWE-20
4.6
2019-05-15 CVE-2019-1717 Path Traversal vulnerability in Cisco Video Surveillance Manager 7.21
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information.
network
low complexity
cisco CWE-22
5.0
2019-05-13 CVE-2019-1649 Improper Locking vulnerability in Cisco products
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.
local
low complexity
cisco CWE-667
6.7
2019-05-03 CVE-2019-1859 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication.
network
low complexity
cisco CWE-863
6.5
2019-05-03 CVE-2019-1857 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
network
cisco CWE-352
6.8
2019-05-03 CVE-2019-1856 Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 12.1
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3