Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0435 | Improper Authentication vulnerability in Cisco Umbrella A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. | 6.5 |
| 2018-10-05 | CVE-2018-0434 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 5.8 |
| 2018-10-05 | CVE-2018-0426 | Path Traversal vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. | 5.0 |
| 2018-10-05 | CVE-2018-0425 | Improper Privilege Management vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. | 5.0 |
| 2018-10-05 | CVE-2018-0422 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. | 6.9 |
| 2018-10-05 | CVE-2018-0421 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco products A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. | 5.0 |
| 2018-08-15 | CVE-2018-0419 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. | 4.3 |
| 2018-08-15 | CVE-2018-0415 | 7PK - Errors vulnerability in Cisco products A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2018-08-15 | CVE-2018-0409 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. | 5.0 |
| 2018-08-15 | CVE-2018-0386 | Cross-site Scripting vulnerability in Cisco products A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. | 4.3 |