Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-26 | CVE-2017-3799 | Open Redirect vulnerability in Cisco Webex Meeting Center Wbs28Base A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. | 5.8 |
| 2017-01-26 | CVE-2017-3798 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1) A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. | 4.3 |
| 2017-01-26 | CVE-2017-3797 | Information Exposure vulnerability in Cisco Webex Meetings Server 2.7.1/2.7Base A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. | 5.0 |
| 2017-01-26 | CVE-2017-3796 | OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. | 6.5 |
| 2017-01-26 | CVE-2017-3795 | Improper Authentication vulnerability in Cisco Webex Meetings Server 2.6.0 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. | 6.5 |
| 2017-01-26 | CVE-2017-3794 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.6.0 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. | 6.8 |
| 2017-01-26 | CVE-2016-9222 | Cross-site Scripting vulnerability in Cisco Netflow Generation Appliance 1.0(2) A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-01-26 | CVE-2016-9218 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hybrid Meeting Server 1.0Base A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 6.8 |
| 2017-01-26 | CVE-2016-9216 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. | 5.0 |
| 2016-12-26 | CVE-2016-9224 | Improper Input Validation vulnerability in Cisco Jabber Guest A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. | 6.4 |