Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-08 | CVE-2018-0123 | Path Traversal vulnerability in Cisco IOS and IOS XE A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. | 4.9 |
| 2018-02-08 | CVE-2018-0122 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. | 6.6 |
| 2018-02-08 | CVE-2018-0120 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. | 4.0 |
| 2018-02-08 | CVE-2018-0119 | Unspecified vulnerability in Cisco Conference Director 20170830 A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. | 6.5 |
| 2018-02-08 | CVE-2018-0116 | Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. | 6.4 |
| 2018-02-08 | CVE-2018-0113 | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.5(1C) A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. | 6.5 |
| 2018-01-18 | CVE-2018-0111 | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.0 |
| 2018-01-18 | CVE-2018-0110 | Incorrect Authorization vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. | 5.5 |
| 2018-01-18 | CVE-2018-0109 | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. | 4.0 |
| 2018-01-18 | CVE-2018-0108 | XXE vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. | 5.0 |