Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-13 | CVE-2017-6694 | Insufficiently Protected Credentials vulnerability in Cisco Ultra Services Platform 21.0.V0.65839 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. | 5.5 |
| 2017-06-13 | CVE-2017-6693 | Missing Authorization vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. | 5.5 |
| 2017-06-13 | CVE-2017-6691 | Information Exposure vulnerability in Cisco Elastic Services Controller 2.3(2) A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. | 6.5 |
| 2017-06-13 | CVE-2017-6690 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 21.0.V0.65839/21.3.M0.67005 A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. | 4.9 |
| 2017-06-13 | CVE-2017-6675 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.1(0.176) A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. | 6.1 |
| 2017-06-13 | CVE-2017-6673 | Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.1.0.2/6.2.0 A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. | 6.5 |
| 2017-06-13 | CVE-2017-6670 | Open Redirect vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. | 6.1 |
| 2017-06-13 | CVE-2017-6668 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(7)Er1 Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. | 4.9 |
| 2017-06-13 | CVE-2017-6666 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. | 6.0 |
| 2017-06-13 | CVE-2017-6661 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. | 6.1 |