Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-18 | CVE-2019-1725 | OS Command Injection vulnerability in Cisco Unified Computing System A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. | 5.5 |
| 2019-04-18 | CVE-2019-1722 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.5 |
| 2019-04-18 | CVE-2019-1721 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.5 |
| 2019-04-18 | CVE-2019-1720 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 4.9 |
| 2019-04-18 | CVE-2019-1719 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.474) A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
| 2019-04-17 | CVE-2018-0248 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. | 4.9 |
| 2019-04-04 | CVE-2019-1827 | Cross-site Scripting vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. | 6.1 |
| 2019-03-28 | CVE-2019-1762 | Information Exposure vulnerability in Cisco IOS and IOS XE A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. | 4.4 |
| 2019-03-28 | CVE-2019-1761 | Improper Initialization vulnerability in Cisco IOS and IOS XE A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. | 4.3 |
| 2019-03-28 | CVE-2019-1760 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. | 5.9 |