Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-17 | CVE-2018-0328 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-05-17 | CVE-2018-0327 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.1(0.905) A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-05-17 | CVE-2018-0326 | Protection Mechanism Failure vulnerability in Cisco Telepresence Tx9000 Firmware 10.0(2.98000.99) A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. | 4.3 |
| 2018-05-17 | CVE-2018-0325 | Improper Input Validation vulnerability in Cisco IP Phone 7800 Firmware and IP Phone 8800 Firmware A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. | 5.0 |
| 2018-05-17 | CVE-2018-0324 | OS Command Injection vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.6.2/3.7.1 A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. | 4.6 |
| 2018-05-17 | CVE-2018-0323 | Path Traversal vulnerability in Cisco Network Functions Virtualization Infrastructure 3.6.1/3.7.1 A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. | 4.0 |
| 2018-05-17 | CVE-2018-0297 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. | 5.0 |
| 2018-05-17 | CVE-2018-0290 | Unspecified vulnerability in Cisco Socialminer 11.6(1) A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. | 5.0 |
| 2018-05-17 | CVE-2018-0289 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.223) A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. | 4.3 |
| 2018-05-17 | CVE-2018-0280 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |