Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-17 | CVE-2017-6775 | Unspecified vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. | 4.6 |
| 2017-08-17 | CVE-2017-6774 | Files or Directories Accessible to External Parties vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. | 4.0 |
| 2017-08-17 | CVE-2017-6773 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 21.0.V0.65839 A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. | 4.6 |
| 2017-08-17 | CVE-2017-6772 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. | 4.0 |
| 2017-08-17 | CVE-2017-6771 | Information Exposure vulnerability in Cisco Ultra Services Framework 21.0.V0.65839 A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. | 5.0 |
| 2017-08-17 | CVE-2017-6767 | Improper Privilege Management vulnerability in Cisco Application Policy Infrastructure Controller A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. | 4.6 |
| 2017-08-07 | CVE-2017-6770 | Improper Input Validation vulnerability in Cisco products Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. | 4.2 |
| 2017-08-07 | CVE-2017-6766 | Unspecified vulnerability in Cisco Firesight System Software A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. | 5.0 |
| 2017-08-07 | CVE-2017-6765 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.1(6.11)/9.4(1.2) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. | 6.1 |
| 2017-08-07 | CVE-2017-6764 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.5(1) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |