Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-12 | CVE-2015-6358 | Improper Certificate Validation vulnerability in Cisco products | 4.3
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Tags: network, cisco, CWE-295

2017-10-05 | CVE-2017-12270 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR | 5.0
A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops.
Tags: network, low complexity, cisco, CWE-119

2017-10-05 | CVE-2017-12267 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products | 5.0
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition.
Tags: network, low complexity, cisco, CWE-119

2017-10-05 | CVE-2017-12266 | Uncontrolled Search Path Element vulnerability in Cisco Meeting APP | 4.6
A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App.
Tags: local, low complexity, cisco, CWE-427

2017-10-05 | CVE-2017-12265 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance | 4.3
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS.
Tags: network, cisco, CWE-79

2017-10-05 | CVE-2017-12264 | Improper Input Validation vulnerability in Cisco Meeting Server | 5.0
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Tags: network, low complexity, cisco, CWE-20

2017-10-05 | CVE-2017-12263 | Path Traversal vulnerability in Cisco License Manager 3.2.6 | 5.0
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal.
Tags: network, low complexity, cisco, CWE-22

2017-10-05 | CVE-2017-12258 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager | 4.3
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack.
Tags: network, cisco, CWE-79

2017-10-05 | CVE-2017-12257 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server | 4.3
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
Tags: network, cisco, CWE-79

2017-10-05 | CVE-2017-12245 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Firepower Management Center | 5.0
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability.
Tags: network, low complexity, cisco, CWE-772