Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-18 | CVE-2018-0399 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1) Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. | 5.0 |
2018-07-18 | CVE-2018-0396 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 11.5/12.0 A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |
2018-07-18 | CVE-2018-0394 | Improper Input Validation vulnerability in Cisco Cloud Services Platform 2100 2.2(4) A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. | 6.5 |
2018-07-18 | CVE-2018-0393 | Unspecified vulnerability in Cisco products A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. | 4.0 |
2018-07-18 | CVE-2018-0390 | Cross-site Scripting vulnerability in Cisco Webex Meetings 2.0 A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 4.3 |
2018-07-18 | CVE-2018-0380 | Unspecified vulnerability in Cisco Webex Meetings Online Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. network cisco | 4.3 |
2018-07-18 | CVE-2018-0379 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. | 6.8 |
2018-07-18 | CVE-2018-0344 | Command Injection vulnerability in Cisco products A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 6.5 |
2018-07-18 | CVE-2018-0343 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. | 6.5 |
2018-07-16 | CVE-2018-0385 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 5.0 |