Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12303 | Improperly Implemented Security Check for Standard vulnerability in Cisco Asyncos 10.1.1234/10.1.1235 A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. | 5.3 |
| 2017-11-16 | CVE-2017-12302 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.3 |
| 2017-11-16 | CVE-2017-12300 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. | 5.8 |
| 2017-11-16 | CVE-2017-12299 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 2.2(1.58) A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. | 5.3 |
| 2017-11-16 | CVE-2017-12292 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12291 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12290 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0/5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-02 | CVE-2017-12295 | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.3 |
| 2017-11-02 | CVE-2017-12294 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 5.4 |
| 2017-11-02 | CVE-2017-12283 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Aironet 3800 Firmware A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. | 6.1 |