Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12297 | Improper Input Validation vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. | 4.0 |
| 2017-11-16 | CVE-2017-12323 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12322 | Cross-site Scripting vulnerability in Cisco Email Encryption 5.3.0038 Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12321 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12320 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 4.3 |
| 2017-11-16 | CVE-2017-12318 | Resource Exhaustion vulnerability in Cisco RF Gateway 1 Firmware A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. | 5.0 |
| 2017-11-16 | CVE-2017-12316 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229) A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 5.0 |
| 2017-11-16 | CVE-2017-12314 | Uncontrolled Search Path Element vulnerability in Cisco Findit Network Discovery Utility 2.1 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. | 4.6 |
| 2017-11-16 | CVE-2017-12311 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. | 5.0 |
| 2017-11-16 | CVE-2017-12309 | HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. | 5.0 |