Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-09-25 | CVE-2019-12672 | Link Following vulnerability in Cisco IOS 16.9.1 | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. | 6.8 |
2019-09-25 | CVE-2019-12670 | Incorrect Default Permissions vulnerability in Cisco IOS 16.10.1 | A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 6.7 |
2019-09-25 | CVE-2019-12668 | Cross-site Scripting vulnerability in Cisco IOS and IOS XE | A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. | 4.8 |
2019-09-25 | CVE-2019-12667 | Cross-site Scripting vulnerability in Cisco IOS XE | A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 4.8 |
2019-09-25 | CVE-2019-12666 | Path Traversal vulnerability in Cisco IOS XE | A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. | 6.7 |
2019-09-25 | CVE-2019-12662 | Improper Verification of Cryptographic Signature vulnerability in Cisco products | A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. | 6.7 |
2019-09-25 | CVE-2019-12661 | OS Command Injection vulnerability in Cisco IOS XE | A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. | 6.7 |
2019-09-25 | CVE-2019-12660 | Exposure of Resource to Wrong Sphere vulnerability in Cisco IOS XE | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. | 5.5 |
2019-09-25 | CVE-2019-12649 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE | A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. | 6.7 |
2019-09-18 | CVE-2019-1975 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco products | A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. | 6.1 |