Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-02 | CVE-2017-12282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 6.1 |
| 2017-11-02 | CVE-2017-12279 | Information Exposure vulnerability in Cisco Aironet AP Firmware A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. | 4.3 |
| 2017-11-02 | CVE-2017-12278 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. | 6.3 |
| 2017-11-02 | CVE-2017-12274 | Improper Input Validation vulnerability in Cisco products A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. | 6.5 |
| 2017-11-02 | CVE-2017-12273 | Improper Input Validation vulnerability in Cisco products A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. | 6.5 |
| 2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 6.7 |
| 2017-10-19 | CVE-2017-12301 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. | 6.7 |
| 2017-10-19 | CVE-2017-12298 | Cross-site Scripting vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 6.1 |
| 2017-10-19 | CVE-2017-12296 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6/2.7/2.8 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 6.1 |
| 2017-10-19 | CVE-2017-12289 | Information Exposure vulnerability in Cisco IOS A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. | 4.4 |