Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-07 | CVE-2017-3887 | Improper Handling of Exceptional Conditions vulnerability in Cisco Firepower Threat Defense 6.0.1/6.1.0/6.2.0 A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. | 4.3 |
| 2017-04-07 | CVE-2017-3886 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.0 |
| 2017-04-07 | CVE-2017-3884 | Information Exposure vulnerability in Cisco products A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. | 4.0 |
| 2017-04-07 | CVE-2017-3848 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)/3.0 A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. | 4.3 |
| 2017-04-07 | CVE-2017-3817 | Incorrect Authorization vulnerability in Cisco Unified Computing System Director 5.5.0.1/6.0.0.0 A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. | 4.0 |
| 2017-04-07 | CVE-2016-9195 | Resource Management Errors vulnerability in Cisco Wireless LAN Controller 8.3.102.0 A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. | 5.0 |
| 2017-04-06 | CVE-2016-9194 | Resource Management Errors vulnerability in Cisco products A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |
| 2017-03-22 | CVE-2017-3852 | Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0) A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. | 5.5 |
| 2017-03-22 | CVE-2017-3851 | Path Traversal vulnerability in Cisco IOX 1.1.0/1.1(0) A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. | 5.0 |
| 2017-03-21 | CVE-2017-3849 | Improper Input Validation vulnerability in Cisco IOS and IOS XE A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |