Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-17 CVE-2017-3867 Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-287 | Risk: 5.3
2017-03-17 CVE-2017-3866 Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-79 | Risk: 6.1
2017-03-17 CVE-2017-3815 Cleartext Transmission of Sensitive Information vulnerability in Cisco Telepresence Server Software 4.2(4.17)/4.2(4.18)/4.2(4.19)
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-319 | Risk: 5.3
2017-03-17 CVE-2017-3811 XXE vulnerability in Cisco Webex Meetings Server 2.6
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-611 | Risk: 6.5
2017-02-22 CVE-2017-3847 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center 6.2.1
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-79 | Risk: 5.4
2017-02-22 CVE-2017-3845 Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-79 | Risk: 6.1
2017-02-22 CVE-2017-3844 Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-20 | Risk: 4.3
2017-02-22 CVE-2017-3843 Improper Input Validation vulnerability in Cisco Prime Collaboration Assurance 11.0.0/11.1.0/11.5.0
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-20 | Risk: 4.3
2017-02-22 CVE-2017-3842 Information Exposure vulnerability in Cisco Intrusion Prevention System Device Manager 7.2(1)V7
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-200 | Risk: 5.3
2017-02-22 CVE-2017-3840 Open Redirect vulnerability in Cisco Secure Access Control System 5.8(2.5)
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability.
Attack vector: network | Attack complexity: low | Vendor: cisco | CWE-601 | Risk: 6.1