Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-02 | CVE-2018-0245 | Improper Privilege Management vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.5(105.0) A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | 5.3 |
| 2018-04-19 | CVE-2018-0276 | Cross-site Scripting vulnerability in Cisco Webex Connect IM A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 6.1 |
| 2018-04-19 | CVE-2018-0275 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. | 6.7 |
| 2018-04-19 | CVE-2018-0273 | Unspecified vulnerability in Cisco Staros A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. | 5.3 |
| 2018-04-19 | CVE-2018-0272 | Improper Handling of Exceptional Conditions vulnerability in Cisco Firepower 6.2.1/6.2.2.1 A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.9 |
| 2018-04-19 | CVE-2018-0269 | Incorrect Authorization vulnerability in Cisco Digital Network Architecture Center 1.1 A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. | 4.3 |
| 2018-04-19 | CVE-2018-0267 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. | 6.5 |
| 2018-04-19 | CVE-2018-0266 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. | 4.3 |
| 2018-04-19 | CVE-2018-0260 | Improper Input Validation vulnerability in Cisco Mate Live 1.3 A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. | 5.3 |
| 2018-04-19 | CVE-2018-0257 | Unspecified vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. low complexity cisco | 4.3 |