Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-26 | CVE-2017-3795 | Improper Authentication vulnerability in Cisco Webex Meetings Server 2.6.0 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. | 6.5 |
2017-01-26 | CVE-2017-3794 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.6.0 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. | 6.8 |
2017-01-26 | CVE-2016-9222 | Cross-site Scripting vulnerability in Cisco Netflow Generation Appliance 1.0(2) A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2017-01-26 | CVE-2016-9218 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hybrid Meeting Server 1.0Base A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 6.8 |
2017-01-26 | CVE-2016-9216 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. | 5.0 |
2016-12-26 | CVE-2016-9224 | Improper Input Validation vulnerability in Cisco Jabber Guest A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. | 6.4 |
2016-12-26 | CVE-2016-9217 | Improper Authorization vulnerability in Cisco Intercloud Fabric 2.2.1Base/2.3.1Base/3.1.1Base A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. | 6.5 |
2016-12-14 | CVE-2016-9214 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.0(1.130) Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 4.3 |
2016-12-14 | CVE-2016-9212 | Improper Input Validation vulnerability in Cisco web Security Appliance 9.0.1162/9.1.1074 A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. | 5.0 |
2016-12-14 | CVE-2016-9211 | Improper Input Validation vulnerability in Cisco ONS 15454 SDH Multiservice Platform Software 10.51.0 A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. | 5.0 |