Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-30 | CVE-2019-1969 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. | 5.3 |
| 2019-08-28 | CVE-2019-1963 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. | 6.5 |
| 2019-08-21 | CVE-2019-1984 | Improper Input Validation vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure Sofware A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. | 6.5 |
| 2019-08-21 | CVE-2019-1948 | Improper Certificate Validation vulnerability in Cisco Webex Meetings 11.3/39.5 A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. | 5.9 |
| 2019-08-21 | CVE-2019-1839 | OS Command Injection vulnerability in Cisco products A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 6.7 |
| 2019-08-21 | CVE-2019-12626 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Express 12.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.8 |
| 2019-08-21 | CVE-2019-12623 | File and Directory Information Exposure vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. | 4.3 |
| 2019-08-21 | CVE-2019-12622 | Unspecified vulnerability in Cisco products A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. | 5.5 |
| 2019-08-08 | CVE-2019-1973 | Cross-site Scripting vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 4.8 |
| 2019-08-08 | CVE-2019-1972 | Unspecified vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. | 6.7 |