Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-13 CVE-2017-6673 Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.1.0.2/6.2.0
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information.
network
low complexity
cisco CWE-200
6.5
2017-06-13 CVE-2017-6670 Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue.
network
low complexity
cisco CWE-601
6.1
2017-06-13 CVE-2017-6668 SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
network
low complexity
cisco CWE-89
4.9
2017-06-13 CVE-2017-6666 Unspecified vulnerability in Cisco IOS XR
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition.
local
low complexity
cisco
6.0
2017-06-13 CVE-2017-6661 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS.
network
low complexity
cisco CWE-79
6.1
2017-06-13 CVE-2017-6656 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series 11.0(0.1)
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting.
network
high complexity
cisco CWE-20
5.9
2017-06-13 CVE-2017-6655 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.
low complexity
cisco CWE-119
6.5
2017-05-22 CVE-2017-6654 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-05-22 CVE-2017-6647 Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system.
network
low complexity
cisco CWE-200
5.3
2017-05-22 CVE-2017-6646 Information Exposure vulnerability in Cisco Remote Expert Manager 11.0.0
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system.
network
low complexity
cisco CWE-200
5.3