Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-10 | CVE-2017-6727 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.2(3A) A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. | 5.3 |
| 2017-07-10 | CVE-2017-6726 | Information Exposure vulnerability in Cisco Prime Network 4.2(1.0)P1 A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. | 5.5 |
| 2017-07-04 | CVE-2017-6725 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6724 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.1(0.0) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6722 | Improper Authentication vulnerability in Cisco Unified Contact Center Express 11.5.1Es01/11.5.1Su1/11.5(1) A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. | 6.1 |
| 2017-07-04 | CVE-2017-6721 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.3(1) A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. | 5.3 |
| 2017-07-04 | CVE-2017-6719 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. | 6.7 |
| 2017-07-04 | CVE-2017-6718 | Improper Input Validation vulnerability in Cisco IOS XR 6.0.2/6.0.2.01 A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. | 6.7 |
| 2017-07-04 | CVE-2017-6717 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-07-04 | CVE-2017-6716 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 5.4 |