Skip to main content
CVE-2017-12342 MEDIUM This Month

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-12341 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2017-12334 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12352 MEDIUM This Month

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Application Policy Infrastructure Controller
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-12331 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack Nx Os Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-12333 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Jwt Attack Nx Os Unified Computing System
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-12359 MEDIUM This Month

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Webex Meeting Center Webex Meetings Server
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2017-12362 MEDIUM This Month

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-17081 MEDIUM PATCH This Month

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12364 MEDIUM This Month

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi Prime Service Catalog
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12329 MEDIUM This Month

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os Unified Computing System Firepower Extensible Operating System
NVD
CVSS 3.0
6.3
EPSS
0.5%
CVE-2017-12330 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Command Injection Nx Os
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2017-12335 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Command Injection Nx Os Unified Computing System
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2017-12366 MEDIUM This Month

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meeting Center
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12347 MEDIUM This Month

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12346 MEDIUM This Month

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14197 MEDIUM This Month

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Matrix
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12344 MEDIUM This Month

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12356 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Apple Cisco +1
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12338 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nx Os Unified Computing System Lan Switch Software
NVD
CVSS 3.0
6.0
EPSS
0.2%
CVE-2017-12328 MEDIUM This Month

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
5.8
EPSS
0.6%
CVE-2017-12353 MEDIUM This Month

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
5.8
EPSS
0.4%
CVE-2017-12339 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os Lan Switch Software
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2017-12351 MEDIUM This Month

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 3.0
5.7
EPSS
0.1%
CVE-2017-17080 MEDIUM This Month

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-15116 MEDIUM PATCH This Month

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-12363 MEDIUM This Month

A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2017-12357 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12349 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Computing System Central Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12348 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Computing System Central Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-3764 MEDIUM PATCH This Month

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2017-12358 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Google Apple Cisco +1
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-12355 MEDIUM This Month

A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2017-12354 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Access Control System
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-12297 MEDIUM This Month

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2017-12345 MEDIUM This Month

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2017-12332 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco File Upload Unified Computing System Nx Os
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2017-12360 MEDIUM This Month

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Webex Meeting Center
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-12365 MEDIUM This Month

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-12340 MEDIUM This Month

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated,. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Python Cisco Authentication Bypass Nx Os
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-12336 MEDIUM This Month

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nx Os Unified Computing System
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-12361 MEDIUM This Month

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Cisco Information Disclosure Jabber
NVD
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy