Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-03 | CVE-2017-6624 | Improper Authentication vulnerability in Cisco IOS 15.5(3)M A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. | 5.0 |
| 2017-05-03 | CVE-2017-6620 | Improper Input Validation vulnerability in Cisco Small Business RV Series Router Firmware 1.0.1.19 A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. | 5.0 |
| 2017-04-20 | CVE-2017-6617 | Improper Authentication vulnerability in Cisco Integrated Management Controller Supervisor 3.0(1C) A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 4.3 |
| 2017-04-20 | CVE-2017-6615 | Race Condition vulnerability in Cisco IOS XE A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. | 6.3 |
| 2017-04-20 | CVE-2017-6614 | Information Exposure vulnerability in Cisco Findit Network Probe 1.0.0 A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. | 6.8 |
| 2017-04-20 | CVE-2017-6613 | Improper Input Validation vulnerability in Cisco Prime Network Registrar A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. | 5.0 |
| 2017-04-20 | CVE-2017-6611 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
| 2017-04-20 | CVE-2017-3793 | Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. | 4.0 |
| 2017-04-20 | CVE-2016-6368 | Resource Management Errors vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 5.0 |
| 2017-04-07 | CVE-2017-6606 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. | 6.9 |