Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-07 | CVE-2019-1680 | Improper Input Validation vulnerability in Cisco Webex Business Suite and Webex Meetings Online A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. | 4.3 |
| 2019-02-07 | CVE-2019-1679 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. | 5.0 |
| 2019-02-07 | CVE-2019-1660 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Management Suite A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 5.0 |
| 2019-02-07 | CVE-2019-1678 | Improper Input Validation vulnerability in Cisco Meeting Server 2.3.6 A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session Initiation Protocol (SIP) endpoint. | 4.3 |
| 2019-02-07 | CVE-2019-1677 | Cross-site Scripting vulnerability in Cisco Webex Meetings A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. | 4.6 |
| 2019-01-24 | CVE-2019-1669 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense 6.3.0/6.4.0 A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition. | 5.0 |
| 2019-01-24 | CVE-2019-1668 | Cross-site Scripting vulnerability in Cisco Socialminer 11.6(1)/11.6(2)/12.0(1) A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. | 6.1 |
| 2019-01-24 | CVE-2019-1658 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.6(1) A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 4.3 |
| 2019-01-24 | CVE-2019-1657 | Credentials Management vulnerability in Cisco AMP Threat Grid Appliance and AMP Threat Grid Cloud A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. | 4.0 |
| 2019-01-24 | CVE-2019-1656 | Improper Input Validation vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1 A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. | 4.6 |