Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-12695 Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2019-10-02 CVE-2019-12694 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges.
local
low complexity
cisco CWE-20
6.7
2019-10-02 CVE-2019-12693 Incorrect Type Conversion or Cast vulnerability in Cisco Adaptive Security Appliance
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-704
4.9
2019-10-02 CVE-2019-12691 Path Traversal vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device.
network
low complexity
cisco CWE-22
4.9
2019-10-02 CVE-2019-12677 Improper Handling of Exceptional Conditions vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device.
network
low complexity
cisco CWE-755
6.5
2019-10-02 CVE-2019-12631 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
low complexity
cisco CWE-79
6.1
2019-09-25 CVE-2019-12709 OS Command Injection vulnerability in Cisco IOS XR
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges.
local
low complexity
cisco CWE-78
6.7
2019-09-25 CVE-2019-12672 Link Following vulnerability in Cisco IOS 16.9.1
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges.
low complexity
cisco CWE-59
6.8
2019-09-25 CVE-2019-12670 Incorrect Default Permissions vulnerability in Cisco IOS 16.10.1
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device.
local
low complexity
cisco CWE-276
6.7
2019-09-25 CVE-2019-12668 Cross-site Scripting vulnerability in Cisco IOS and IOS XE
A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter.
network
low complexity
cisco CWE-79
4.8