Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-1908 | Unspecified vulnerability in Cisco products A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. | 5.0 |
| 2019-08-21 | CVE-2019-1907 | Unspecified vulnerability in Cisco products A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. | 6.5 |
| 2019-08-21 | CVE-2019-12634 | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2019-08-21 | CVE-2019-12627 | Improper Access Control vulnerability in Cisco Firepower Threat Defense A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. | 5.0 |
| 2019-08-21 | CVE-2019-12624 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2019-08-21 | CVE-2019-12623 | File and Directory Information Exposure vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. | 4.0 |
| 2019-08-21 | CVE-2019-12621 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco products A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. | 5.8 |
| 2019-08-08 | CVE-2019-1970 | Protection Mechanism Failure vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. | 5.0 |
| 2019-08-08 | CVE-2019-1961 | Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. | 6.8 |
| 2019-08-08 | CVE-2019-1958 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |