Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco CWE-119
6.7
2018-07-16 CVE-2018-0384 Protection Mechanism Failure vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system.
network
low complexity
cisco CWE-693
5.8
2018-07-16 CVE-2018-0366 Cross-site Scripting vulnerability in Cisco Web Security Appliance 10.1.2003/10.5.1276
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2018-06-21 CVE-2018-0373 Improper Input Validation vulnerability in Cisco AnyConnect Secure Mobility Client
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
local
low complexity
cisco CWE-20
5.5
2018-06-21 CVE-2018-0371 Improper Input Validation vulnerability in Cisco Meeting Server 2.2.5
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
6.5
2018-06-21 CVE-2018-0362 Improper Authentication vulnerability in Cisco products
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user.
low complexity
cisco CWE-287
4.3
2018-06-21 CVE-2018-0359 Session Fixation vulnerability in Cisco Meeting Server 2.3.0
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation.
local
low complexity
cisco CWE-384
5.5
2018-06-21 CVE-2018-0331 Improper Input Validation vulnerability in Cisco NX-OS
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition.
low complexity
cisco CWE-20
6.5
2018-06-21 CVE-2018-0299 Improper Input Validation vulnerability in Cisco NX-OS 4.1(2)E1(1R)
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
6.5
2018-06-20 CVE-2018-0294 Unspecified vulnerability in Cisco Firepower Extensible Operating System, FXOS and NX-OS
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device.
local
low complexity
cisco
6.7