Latest CVE Feed
-
7.8
HIGHCVE-2018-0437
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
8.7
HIGHCVE-2018-0436
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insuff... Read more
Affected Products : webex_teams- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2018-0435
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface... Read more
Affected Products : umbrella- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2018-0434
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient cer... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0433
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. A... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0432
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters incl... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0431
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerabi... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0430
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerabi... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0429
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.... Read more
Affected Products : thor_video_codec- Published: Aug. 09, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-0428
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is... Read more
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0427
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied da... Read more
Affected Products : application_policy_infrastructure_controller_enterprise_module- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-0426
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to s... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-0425
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to s... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0424
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary ... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2018-0423
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial o... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2018-0422
A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability ... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2018-0421
A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect han... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2018-0420
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters t... Read more
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detec... Read more
Affected Products : email_security_appliance- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The... Read more
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024