Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-04 | CVE-2017-6605 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.800) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
2017-07-04 | CVE-2017-3865 | Unspecified vulnerability in Cisco Staros 21.0.0/21.0M0.64246/21.0M0.64702 A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 5.8 |
2017-06-13 | CVE-2017-6697 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76) A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. | 6.5 |
2017-06-13 | CVE-2017-6696 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. | 5.5 |
2017-06-13 | CVE-2017-6695 | Information Exposure vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. | 5.5 |
2017-06-13 | CVE-2017-6694 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. | 5.5 |
2017-06-13 | CVE-2017-6693 | Missing Authorization vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. | 5.5 |
2017-06-13 | CVE-2017-6691 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. | 6.5 |
2017-06-13 | CVE-2017-6690 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 21.0.V0.65839/21.3.M0.67005 A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. | 4.9 |
2017-06-13 | CVE-2017-6675 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.1(0.176) A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. | 6.1 |