Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-17 | CVE-2017-6788 | Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client 4.4(4027)/4.5(58) The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
| 2017-08-17 | CVE-2017-6786 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76) A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. | 4.6 |
| 2017-08-17 | CVE-2017-6785 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. | 4.0 |
| 2017-08-17 | CVE-2017-6784 | Information Exposure vulnerability in Cisco products A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. | 5.0 |
| 2017-08-17 | CVE-2017-6783 | Information Exposure vulnerability in Cisco products A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. | 4.0 |
| 2017-08-17 | CVE-2017-6782 | Code Injection vulnerability in Cisco Prime Infrastructure 3.2(0.0) A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. | 4.9 |
| 2017-08-17 | CVE-2017-6781 | Improper Authentication vulnerability in Cisco Policy Suite A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. | 4.6 |
| 2017-08-17 | CVE-2017-6778 | Information Exposure vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. | 4.0 |
| 2017-08-17 | CVE-2017-6777 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3/2.3(2) A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. | 4.0 |
| 2017-08-17 | CVE-2017-6776 | Cross-site Scripting vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 4.3 |