CVE-2018-0445 Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-bas...

CVE-2018-0424 Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to...

CVE-2018-0451

CVE-2018-0451 affects Cisco Tetration Analytics web-based management interface. An authenticated, remote attacker can perform arbitrary actions on an affected device via CSRF due to insufficient CSRF protections. Exploitation requires a user to click a crafted link; impact is actions performed wi...

CVE-2018-0425

This CVE (CVE-2018-0425) affects Cisco RV110W/RV130W/RV215W routers, where the web-based management interface improperly enforces access control, allowing an unauthenticated, remote attacker to disclose sensitive configuration data including user credentials. The issue arises from insufficient fi...

CVE-2018-15424

Cisco Identity Services Engine (ISE) web-based management interface contains multiple vulnerabilities that could allow an authenticated remote attacker to execute arbitrary commands on the device with the web server’s privileges. Affected component is the ISE web management interface; root cause ...

CVE-2018-0444 Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2018-0431 Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...

CVE-2018-0426 Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...

CVE-2018-0454 Cisco Cloud Services Platform 2100 Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sendi...

CVE-2018-0426 Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...

CVE-2018-0431 Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...

CVE-2018-0450

CVE-2018-0450 concerns Cisco Data Center Network Manager (DCNM). The vulnerability is in the web-based management interface, caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by tricking a user int...

CVE-2018-15434

The CVE-2018-15434 entry refers to Cisco Unified IP Phone 7900 Series with a vulnerability in the web-based management interface. Affected component: the web-based management interface; root cause: insufficient validation of user-supplied input leading to cross-site scripting (XSS). Impact stated...

CVE-2018-0445

Cisco Packaged Contact Center Enterprise (PCCE) web-based management interface is affected by a CSRF vulnerability due to insufficient protections. An unauthenticated, remote attacker could entice a user to follow a crafted link and perform arbitrary actions on the device with the user’s privileg...

CVE-2018-15401

The CVE-2018-15401 entry concerns Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) with a vulnerability in its web-based management interface due to insufficient CSRF protections. A remote, unauthenticated attacker could coerce a logged-in user to perform arbitrary actions on the affected...

CVE-2018-0452

CVE-2018-0452 affects Cisco Tetration Analytics web-based management interface. The vulnerability is an unauthenticated XSS due to insufficient validation of user-supplied input in the web UI. An attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the i...

Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface or conduct a cross-site request forgery CSRF attack. For more...

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for t...