Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-02 | CVE-2019-12631 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
| 2019-09-25 | CVE-2019-12670 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 4.6 |
| 2019-09-25 | CVE-2019-12665 | Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0 A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. network cisco | 5.8 |
| 2019-09-25 | CVE-2019-12660 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. | 4.9 |
| 2019-09-25 | CVE-2019-12659 | Improper Input Validation vulnerability in Cisco IOS XE 16.10.1 A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. | 5.0 |
| 2019-09-25 | CVE-2019-12656 | Improper Input Validation vulnerability in Cisco products A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-09-18 | CVE-2019-1975 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco products A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. | 4.3 |
| 2019-09-18 | CVE-2019-12620 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. | 5.0 |
| 2019-09-05 | CVE-2019-1976 | Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 5.0 |
| 2019-09-05 | CVE-2019-12644 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |