Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-17 | CVE-2018-0277 | Improper Certificate Validation vulnerability in Cisco Identity Services Engine A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. | 5.0 |
| 2018-05-17 | CVE-2018-0270 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOT Field Network Director 4.2(0.4) A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. | 6.8 |
| 2018-05-02 | CVE-2018-0288 | Information Exposure vulnerability in Cisco Webex Meetings Online T31.20/T31.20.2 A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.0 |
| 2018-05-02 | CVE-2018-0287 | Improper Input Validation vulnerability in Cisco Webex Meetings Online T30/T32.7 A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 6.8 |
| 2018-05-02 | CVE-2018-0286 | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XR 6.3.1/6.3.2/6.5.1 A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. | 5.0 |
| 2018-05-02 | CVE-2018-0285 | Resource Exhaustion vulnerability in Cisco Prime Service Catalog 11.1.2 A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. | 4.0 |
| 2018-05-02 | CVE-2018-0283 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
| 2018-05-02 | CVE-2018-0281 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. | 5.0 |
| 2018-05-02 | CVE-2018-0278 | Incorrect Authorization vulnerability in Cisco Firepower Management Center A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. | 4.3 |
| 2018-05-02 | CVE-2018-0264 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. | 6.8 |