Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-0214 | OS Command Injection vulnerability in Cisco Identity Services Engine 2.1(102.103) A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. | 5.3 |
| 2018-03-08 | CVE-2018-0212 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-03-08 | CVE-2018-0211 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.474)/2.2(1.145)/2.4(0.247) A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. | 4.4 |
| 2018-03-08 | CVE-2018-0208 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0 A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. | 5.4 |
| 2018-03-08 | CVE-2018-0144 | Cross-site Scripting vulnerability in Cisco Prime Data Center Network Manager 10.4(1.109) A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-03-08 | CVE-2018-0087 | Improper Authentication vulnerability in Cisco Asyncos 10.5.1296 A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. | 5.6 |
| 2018-03-05 | CVE-2017-17428 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 5.9 |
| 2018-02-22 | CVE-2018-0206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-02-22 | CVE-2018-0205 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. | 6.1 |
| 2018-02-22 | CVE-2018-0203 | Unspecified vulnerability in Cisco Unity Connection A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. | 5.3 |