Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-27 | CVE-2018-0198 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 5.3 |
| 2018-03-27 | CVE-2017-12319 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. | 5.9 |
| 2018-03-08 | CVE-2018-0224 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664/21.5.0 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating system. | 6.7 |
| 2018-03-08 | CVE-2018-0223 | Cross-site Scripting vulnerability in Cisco Security Manager 4.9(0)Qa99 A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. | 6.1 |
| 2018-03-08 | CVE-2018-0221 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. | 6.7 |
| 2018-03-08 | CVE-2018-0220 | Cross-site Scripting vulnerability in Cisco Videoscape Anyres Live 9.7.6 A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2018-03-08 | CVE-2018-0219 | Cross-site Scripting vulnerability in Cisco Unified Computing System Director 6.6(0.0) A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-03-08 | CVE-2018-0217 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. | 6.7 |
| 2018-03-08 | CVE-2018-0216 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 5.4 |
| 2018-03-08 | CVE-2018-0215 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine 2.0(0.234) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.3 |