Filtered by vendor Cisco
Subscribe
Total
5838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3805 | 1 Cisco | 1 Iox | 2017-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0). | |||||
| CVE-2017-3792 | 1 Cisco | 8 Telepresence Mcu 4505, Telepresence Mcu 4510, Telepresence Mcu 4515 and 5 more | 2017-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675. | |||||
| CVE-2017-3794 | 1 Cisco | 1 Webex Meetings Server | 2017-07-25 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | |||||
| CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2017-07-25 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | |||||
| CVE-2017-3797 | 1 Cisco | 1 Webex Meetings Server | 2017-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. | |||||
| CVE-2017-3798 | 1 Cisco | 1 Unified Communications Manager | 2017-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). | |||||
| CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2017-07-25 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | |||||
| CVE-2017-3800 | 1 Cisco | 1 Email Security Appliance | 2017-07-25 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087. | |||||
| CVE-2017-3802 | 1 Cisco | 1 Unified Communications Manager | 2017-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). | |||||
| CVE-2017-11502 | 1 Cisco | 2 Dpc3928ad Docsis Wireless Router, Dpc3928ad Docsis Wireless Router Firmware | 2017-07-25 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | |||||
| CVE-2017-3838 | 1 Cisco | 1 Secure Access Control System | 2017-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-3840 | 1 Cisco | 1 Secure Access Control System | 2017-07-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-3841 | 1 Cisco | 1 Secure Access Control System | 2017-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-3842 | 1 Cisco | 1 Intrusion Prevention System Device Manager | 2017-07-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7. | |||||
| CVE-2017-3843 | 1 Cisco | 1 Prime Collaboration Assurance | 2017-07-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0). | |||||
| CVE-2017-3835 | 1 Cisco | 1 Identity Services Engine Software | 2017-07-24 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). | |||||
| CVE-2017-3836 | 1 Cisco | 1 Unified Communications Manager | 2017-07-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | |||||
| CVE-2017-3809 | 1 Cisco | 1 Firepower Management Center | 2017-07-24 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0. | |||||
| CVE-2017-3810 | 1 Cisco | 1 Prime Service Catalog | 2017-07-24 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula. | |||||
| CVE-2017-3818 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-07-24 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092. | |||||