Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-12659 | Improper Input Validation vulnerability in Cisco IOS XE 16.10.1 A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. | 5.0 |
| 2019-09-25 | CVE-2019-12656 | Improper Input Validation vulnerability in Cisco products A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-09-18 | CVE-2019-1975 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco products A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. | 4.3 |
| 2019-09-18 | CVE-2019-12620 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. | 5.0 |
| 2019-09-05 | CVE-2019-1976 | Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 5.0 |
| 2019-09-05 | CVE-2019-12644 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2019-09-05 | CVE-2019-12635 | Improper Authorization vulnerability in Cisco Content Security Management Appliance A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. | 4.0 |
| 2019-09-05 | CVE-2019-12633 | Improper Input Validation vulnerability in Cisco Unified Contact Center Express A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. | 5.0 |
| 2019-09-05 | CVE-2019-12632 | Improper Input Validation vulnerability in Cisco Finesse 11.6(1)/12.0(1)/12.5(1) A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. | 5.0 |
| 2019-08-30 | CVE-2019-1977 | State Issues vulnerability in Cisco Nx-Os A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. | 4.3 |