Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-0329 | Use of Hard-coded Credentials vulnerability in Cisco Wide Area Application Services 6.2(3)/6.4(1) A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. | 5.3 |
| 2018-06-07 | CVE-2018-0149 | Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 2.1(0.2)/2.2(0.2) A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.8 |
| 2018-06-04 | CVE-2017-16007 | Unspecified vulnerability in Cisco Node-Jose node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. | 5.9 |
| 2018-05-17 | CVE-2018-0328 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2018-05-17 | CVE-2018-0327 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.1(0.905) A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2018-05-17 | CVE-2018-0326 | Protection Mechanism Failure vulnerability in Cisco Telepresence Tx9000 Firmware 10.0(2.98000.99) A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. | 6.1 |
| 2018-05-17 | CVE-2018-0324 | OS Command Injection vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.6.2/3.7.1 A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. | 6.7 |
| 2018-05-17 | CVE-2018-0323 | Path Traversal vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.7.1 A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. | 6.5 |
| 2018-05-17 | CVE-2018-0297 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. | 5.8 |
| 2018-05-17 | CVE-2018-0290 | Unspecified vulnerability in Cisco Socialminer 11.6(1) A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. | 5.3 |