Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-12707 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software.
network
cisco CWE-79
4.3
2019-10-02 CVE-2019-12706 Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device.
network
low complexity
cisco CWE-20
5.0
2019-10-02 CVE-2019-12701 Improper Input Validation vulnerability in Cisco products
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system.
network
low complexity
cisco CWE-20
5.0
2019-10-02 CVE-2019-12700 Unspecified vulnerability in Cisco products
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco
6.5
2019-10-02 CVE-2019-12697 Unspecified vulnerability in Cisco Firepower
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types.
network
low complexity
cisco
5.0
2019-10-02 CVE-2019-12696 Unspecified vulnerability in Cisco Firepower
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types.
network
low complexity
cisco
5.0
2019-10-02 CVE-2019-12695 Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2019-10-02 CVE-2019-12693 Incorrect Type Conversion or Cast vulnerability in Cisco Adaptive Security Appliance
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-704
4.9
2019-10-02 CVE-2019-12691 Path Traversal vulnerability in Cisco Firepower Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device.
network
low complexity
cisco CWE-22
4.0
2019-10-02 CVE-2019-12677 Improper Handling of Exceptional Conditions vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device.
network
low complexity
cisco CWE-755
6.5