Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-3871 | Information Exposure vulnerability in Cisco Prime Optical 10.6(0.1) A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. | 4.0 |
| 2017-03-17 | CVE-2017-3870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Appliance 8.5.3069/9.1.1074/9.1.2010 A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. | 5.0 |
| 2017-03-17 | CVE-2017-3869 | Security Bypass vulnerability in Cisco Prime Infrastructure 3.1(1) An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. | 5.5 |
| 2017-03-17 | CVE-2017-3868 | Cross-site Scripting vulnerability in Cisco Unified Computing System Director 6.0(0.0) A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-03-17 | CVE-2017-3867 | Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. | 5.3 |
| 2017-03-17 | CVE-2017-3866 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
| 2017-03-17 | CVE-2017-3815 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Telepresence Server Software 4.2(4.17)/4.2(4.18)/4.2(4.19) An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. | 5.0 |
| 2017-03-17 | CVE-2017-3811 | XXE vulnerability in Cisco Webex Meetings Server 2.6 An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.0 |
| 2017-03-15 | CVE-2017-3846 | Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. | 5.0 |
| 2017-03-01 | CVE-2017-3826 | Improper Input Validation vulnerability in Cisco Netflow Generation Appliance Software A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. | 5.0 |