Vulnerabilities > Cisco > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-09-07 | CVE-2017-6795 | Improper Input Validation vulnerability in Cisco IOS XE | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. | local | low | cisco | CWE-20 | 4.4 |
| 2017-09-07 | CVE-2017-6794 | Command Injection vulnerability in Cisco Meeting Server | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. | local | low | cisco | CWE-77 | 6.7 |
| 2017-09-07 | CVE-2017-6793 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning | A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. | network | low | cisco | CWE-200 | 6.5 |
| 2017-09-07 | CVE-2017-6792 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning | A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. | network | low | cisco | CWE-20 | 6.5 |
| 2017-09-07 | CVE-2017-6789 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.0(1)Es10 | A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. | network | low | cisco | CWE-79 | 6.1 |
| 2017-09-07 | CVE-2017-12227 | SQL Injection vulnerability in Cisco Emergency Responder | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. | network | low | cisco | CWE-89 | 5.4 |
| 2017-09-07 | CVE-2017-12225 | Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5) | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. | network | low | cisco | CWE-384 | 6.5 |
| 2017-09-07 | CVE-2017-12224 | Information Exposure vulnerability in Cisco Meeting Server | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. | network | low | cisco | CWE-200 | 6.5 |
| 2017-09-07 | CVE-2017-12223 | Improper Input Validation vulnerability in Cisco IR800 Integrated Services Router Firmware | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. | | high | cisco | CWE-20 | 6.4 |
| 2017-09-07 | CVE-2017-12221 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | network | low | cisco | CWE-79 | 5.4 |