Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-15458 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Management Center 6.2.2/6.2.3/6.3.0 A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-01-10 | CVE-2018-15457 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.5 A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2019-01-10 | CVE-2018-15456 | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. | 4.0 |
| 2019-01-10 | CVE-2018-0484 | Unspecified vulnerability in Cisco IOS 16.6.2/16.6.4 A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. | 4.0 |
| 2019-01-10 | CVE-2018-0474 | Insufficiently Protected Credentials vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. | 4.0 |
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | 6.8 |
| 2018-12-23 | CVE-2018-20392 | Insufficiently Protected Credentials vulnerability in Cisco Dpc2100 Firmware 2.0.2R1256060303 S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 5.0 |
| 2018-12-04 | CVE-2018-0468 | Use of Hard-coded Credentials vulnerability in Cisco Energy Management Suite 5.2 A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. | 4.6 |
| 2018-11-13 | CVE-2018-15452 | Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection FOR Endpoints A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. | 4.6 |
| 2018-11-08 | CVE-2018-15450 | Path Traversal vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. | 5.5 |