Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12697 | Unspecified vulnerability in Cisco Firepower Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. | 5.0 |
| 2019-10-02 | CVE-2019-12696 | Unspecified vulnerability in Cisco Firepower Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. | 5.0 |
| 2019-10-02 | CVE-2019-12695 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2019-10-02 | CVE-2019-12693 | Incorrect Type Conversion or Cast vulnerability in Cisco Adaptive Security Appliance A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. | 4.9 |
| 2019-10-02 | CVE-2019-12691 | Path Traversal vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. | 4.0 |
| 2019-10-02 | CVE-2019-12677 | Improper Handling of Exceptional Conditions vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. | 6.5 |
| 2019-10-02 | CVE-2019-12631 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
| 2019-09-25 | CVE-2019-12670 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 4.6 |
| 2019-09-25 | CVE-2019-12665 | Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0 A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. network cisco | 5.8 |
| 2019-09-25 | CVE-2019-12660 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. | 4.9 |