Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-02 | CVE-2017-12274 | Improper Input Validation vulnerability in Cisco products A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. | 6.1 |
| 2017-11-02 | CVE-2017-12273 | Improper Input Validation vulnerability in Cisco products A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. | 6.1 |
| 2017-11-02 | CVE-2017-12262 | Improper Initialization vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. | 5.8 |
| 2017-10-24 | CVE-2014-0691 | Insufficient Entropy vulnerability in Cisco Webex Meetings Server 1.0 Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. | 5.0 |
| 2017-10-23 | CVE-2017-15805 | Path Traversal vulnerability in Cisco products Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | 5.0 |
| 2017-10-22 | CVE-2017-12317 | Use of Hard-coded Credentials vulnerability in Cisco Advanced Malware Protection The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. | 4.6 |
| 2017-10-19 | CVE-2017-12298 | Cross-site Scripting vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 4.3 |
| 2017-10-19 | CVE-2017-12296 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6/2.7/2.8 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 4.3 |
| 2017-10-19 | CVE-2017-12293 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Server 2.7 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2017-10-19 | CVE-2017-12288 | Cross-site Scripting vulnerability in Cisco Finesse 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 4.3 |