Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15428 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 4.3 |
| 2018-10-05 | CVE-2018-15425 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 6.5 |
| 2018-10-05 | CVE-2018-15424 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine 2.2(0.470) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 6.5 |
| 2018-10-05 | CVE-2018-15423 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 4.3 |
| 2018-10-05 | CVE-2018-15409 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 6.8 |
| 2018-10-05 | CVE-2018-15406 | Cross-site Scripting vulnerability in Cisco UCS Director 6.6 A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 4.3 |
| 2018-10-05 | CVE-2018-15405 | Incorrect Authorization vulnerability in Cisco UCS Director 2.1(0.0)/6.6(1.0) A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. | 4.0 |
| 2018-10-05 | CVE-2018-15404 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. | 4.0 |
| 2018-10-05 | CVE-2018-15403 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. | 4.9 |
| 2018-10-05 | CVE-2018-15401 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 11.5(2)/11.5(3)/12.5(1) A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 4.3 |