Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-04 CVE-2017-6605 Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.800)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2017-07-04 CVE-2017-3865 Unspecified vulnerability in Cisco Staros 21.0.0/21.0M0.64246/21.0M0.64702
A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
5.8
2017-06-13 CVE-2017-6697 Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system.
network
low complexity
cisco CWE-200
6.5
2017-06-13 CVE-2017-6696 Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2)
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system.
local
low complexity
cisco CWE-200
5.5
2017-06-13 CVE-2017-6695 Information Exposure vulnerability in Cisco Ultra Services Platform 21.0.V0.65839
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information.
local
low complexity
cisco CWE-200
5.5
2017-06-13 CVE-2017-6694 Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system.
local
low complexity
cisco CWE-522
5.5
2017-06-13 CVE-2017-6693 Missing Authorization vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1)
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access.
local
low complexity
cisco CWE-862
5.5
2017-06-13 CVE-2017-6691 Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2)
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system.
network
low complexity
cisco CWE-200
6.5
2017-06-13 CVE-2017-6690 Improper Input Validation vulnerability in Cisco ASR 5000 Software 21.0.V0.65839/21.3.M0.67005
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system.
network
low complexity
cisco CWE-20
4.9
2017-06-13 CVE-2017-6675 Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.1(0.176)
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system.
network
low complexity
cisco CWE-79
6.1