Skip to main content
CVE-2017-12243 HIGH POC THREAT Act Now

A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Cisco Command Injection Unified Computing System Manager Firmware Firepower 9300 Security Appliance Firmware Firepower 4100 Next Generation Firewall Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
40.2%
Threat
4.3
CVE-2017-12277 HIGH This Week

A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Firepower Extensible Operating System
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12262 HIGH This Week

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller Enterprise Module
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-11508 HIGH This Week

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Securitycenter
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-10873 HIGH PATCH This Week

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openam
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2017-12276 HIGH This Week

A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Provisioning
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-10870 HIGH PATCH This Week

Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Easy Postcard 2016 Easy Postcard 2017 Easy Postcard 2018 +11
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-10825 HIGH This Week

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flets Easy Setup Tool
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-12261 HIGH This Week

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Identity Services Engine Identity Services Engine Express Identity Services Engine Virtual Appliance
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-12280 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-12281 HIGH This Week

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Cisco Authentication Bypass Aironet 1800 Firmware Aironet 2800 Firmware Aironet 3800 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-12275 HIGH This Week

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy