Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-13 | CVE-2017-6681 | Path Traversal vulnerability in Cisco Ultra Services Framework 21.0.0 A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. | 5.0 |
2017-06-13 | CVE-2017-6680 | Improper Input Validation vulnerability in Cisco Ultra Services Framework 21.0.0 A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. | 5.0 |
2017-06-13 | CVE-2017-6675 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.1(0.176) A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. | 4.3 |
2017-06-13 | CVE-2017-6674 | Improper Input Validation vulnerability in Cisco Firesight System A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. | 5.0 |
2017-06-13 | CVE-2017-6673 | Information Exposure vulnerability in Cisco Firepower Management Center 6.1.0.2/6.2.0 A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. | 4.0 |
2017-06-13 | CVE-2017-6671 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 10.0.1087/9.7.1066 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. | 5.0 |
2017-06-13 | CVE-2017-6670 | Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. | 5.8 |
2017-06-13 | CVE-2017-6668 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
2017-06-13 | CVE-2017-6661 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. | 4.3 |
2017-06-13 | CVE-2017-6659 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 11.5(0)/11.6 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |