Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-07 CVE-2017-3885 Resource Exhaustion vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.
network
high complexity
cisco CWE-400
5.9
2017-04-07 CVE-2017-3884 Information Exposure vulnerability in Cisco products
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data.
network
low complexity
cisco CWE-200
6.5
2017-04-07 CVE-2017-3848 Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)/3.0
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
2017-04-07 CVE-2017-3817 Incorrect Authorization vulnerability in Cisco Unified Computing System Director 5.5.0.1/6.0.0.0
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain.
network
low complexity
cisco CWE-863
4.3
2017-04-07 CVE-2016-9197 Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine 8.3.102.0
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges.
local
low complexity
cisco CWE-264
6.7
2017-04-07 CVE-2016-9196 Permissions, Privileges, and Access Controls vulnerability in Cisco Aironet Access Point
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system.
local
low complexity
cisco CWE-264
6.7
2017-04-07 CVE-2016-9195 Resource Management Errors vulnerability in Cisco Wireless LAN Controller 8.3.102.0
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection.
network
low complexity
cisco CWE-399
5.3
2017-04-06 CVE-2016-9194 Resource Management Errors vulnerability in Cisco products
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
low complexity
cisco CWE-399
6.5
2017-03-21 CVE-2017-3850 Improper Input Validation vulnerability in Cisco IOS and IOS XE
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
high complexity
cisco CWE-20
5.9
2017-03-17 CVE-2017-3880 Improper Authentication vulnerability in Cisco Webex Meetings Server
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server.
network
low complexity
cisco CWE-287
6.5