Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-0216 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 5.8 |
| 2018-03-08 | CVE-2018-0215 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine 2.0(0.234) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2018-03-08 | CVE-2018-0214 | OS Command Injection vulnerability in Cisco Identity Services Engine 2.1(102.103) A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. | 4.6 |
| 2018-03-08 | CVE-2018-0213 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.904) A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. | 6.5 |
| 2018-03-08 | CVE-2018-0212 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2018-03-08 | CVE-2018-0211 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.474)/2.2(1.145)/2.4(0.247) A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. | 4.9 |
| 2018-03-08 | CVE-2018-0210 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager 10.4(1.128)/10.4(2) A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2018-03-08 | CVE-2018-0209 | Unspecified vulnerability in Cisco Small Business 500 Series Stackable Managed Switches Firmware 2.2.5.68/2.3.0.130 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. | 6.8 |
| 2018-03-08 | CVE-2018-0207 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine 5.8(0.8) A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. | 4.3 |
| 2018-03-08 | CVE-2018-0144 | Cross-site Scripting vulnerability in Cisco Prime Data Center Network Manager 10.4(1.109) A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |