Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-22 | CVE-2019-1765 | Path Traversal vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. | 4.0 |
| 2019-03-22 | CVE-2019-1764 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. | 6.8 |
| 2019-03-22 | CVE-2019-1763 | Improper Access Control vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. | 5.0 |
| 2019-03-11 | CVE-2019-1702 | Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email 11.6(1) Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
| 2019-03-11 | CVE-2019-1617 | Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Nx-Os A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |
| 2019-03-11 | CVE-2019-1616 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-03-11 | CVE-2019-1615 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. | 4.6 |
| 2019-03-11 | CVE-2019-1613 | Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. | 4.6 |
| 2019-03-08 | CVE-2019-1603 | Improper Authorization vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. | 4.6 |
| 2019-03-07 | CVE-2019-1600 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System and Nx-Os A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. | 4.4 |