Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12342 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(1) A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. | 4.6 |
| 2017-11-30 | CVE-2017-12340 | Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0 A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. | 4.6 |
| 2017-11-30 | CVE-2017-12339 | Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
| 2017-11-30 | CVE-2017-12336 | Improper Input Validation vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. | 4.6 |
| 2017-11-30 | CVE-2017-12335 | Command Injection vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
| 2017-11-30 | CVE-2017-12333 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. | 4.6 |
| 2017-11-30 | CVE-2017-12332 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Nx-Os and Unified Computing System A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. | 4.9 |
| 2017-11-30 | CVE-2017-12330 | Command Injection vulnerability in Cisco Nx-Os 7.0(0)Hsk(0.357)/8.1(0)Bd(0.20)/8.1(1) A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
| 2017-11-30 | CVE-2017-12329 | Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. | 4.6 |
| 2017-11-30 | CVE-2017-12328 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. | 5.0 |