Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-31 | CVE-2017-9476 | Information Exposure vulnerability in multiple products The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. | 6.5 |
| 2017-07-25 | CVE-2017-6755 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-25 | CVE-2017-6749 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-07-25 | CVE-2017-6748 | Injection vulnerability in Cisco products A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 6.7 |
| 2017-07-25 | CVE-2015-0674 | Cross-site Scripting vulnerability in Cisco Cloud web Security Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
| 2017-07-10 | CVE-2017-6735 | Improper Input Validation vulnerability in Cisco Firesight System Software 6.2.0/6.2.1 A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. | 6.7 |
| 2017-07-10 | CVE-2017-6734 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. | 5.4 |
| 2017-07-10 | CVE-2017-6733 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101)/2.2(0.283)/2.3(0.151) A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-10 | CVE-2017-6732 | Improper Privilege Management vulnerability in Cisco Prime Network A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. | 6.7 |
| 2017-07-10 | CVE-2017-6730 | Information Exposure vulnerability in Cisco Wide Area Application Services 4.4(7)/6.2(1)/6.2(3) A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. | 5.3 |