Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-19 | CVE-2017-12288 | Cross-site Scripting vulnerability in Cisco Finesse 11.5(1) | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 6.1 |
2017-10-19 | CVE-2017-12287 | Improper Input Validation vulnerability in Cisco products | A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. | 4.3 |
2017-10-19 | CVE-2017-12286 | Improper Input Validation vulnerability in Cisco Jabber and Webex Meeting Center | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. | 5.5 |
2017-10-19 | CVE-2017-12285 | Improper Input Validation vulnerability in Cisco Prime Network Analysis Module 6.2(1B) | A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. | 5.3 |
2017-10-19 | CVE-2017-12284 | Information Exposure vulnerability in Cisco Jabber 11.8(.4) | A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. | 5.5 |
2017-10-19 | CVE-2017-12272 | Cross-site Scripting vulnerability in Cisco IOS XE 16.1.2/16.2.0/16.3(1) | A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 6.1 |
2017-10-12 | CVE-2015-6358 | Improper Certificate Validation vulnerability in Cisco products | Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | 5.9 |
2017-10-05 | CVE-2017-12269 | Cross-site Scripting vulnerability in Cisco Spark | A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. | 5.4 |
2017-10-05 | CVE-2017-12268 | Unspecified vulnerability in Cisco AnyConnect Secure Mobility Client 4.5(822) | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. | 6.5 |
2017-10-05 | CVE-2017-12267 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products | A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. | 5.3 |