Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0387 Improper Input Validation vulnerability in Cisco Webex Teams
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges.
network
low complexity
cisco CWE-20
8.8
2018-07-18 CVE-2018-0379 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files.
local
low complexity
cisco CWE-119
7.8
2018-07-18 CVE-2018-0372 Resource Exhaustion vulnerability in Cisco Nx-Os 13.0(1K)
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system.
network
low complexity
cisco CWE-400
7.5
2018-07-18 CVE-2018-0351 Command Injection vulnerability in Cisco products
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0350 Command Injection vulnerability in Cisco products
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-77
8.8
2018-07-18 CVE-2018-0348 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2018-07-18 CVE-2018-0347 Command Injection vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0346 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-119
7.5
2018-07-18 CVE-2018-0345 Argument Injection or Modification vulnerability in Cisco products
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software.
network
low complexity
cisco CWE-88
8.8
2018-07-18 CVE-2018-0344 Command Injection vulnerability in Cisco products
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.
network
low complexity
cisco CWE-77
7.2