Skip to main content
CVE-2018-15379 CRITICAL POC THREAT Emergency

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cisco Prime Infrastructure
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
86.2%
CVE-2018-1264 CRITICAL Act Now

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Log Cache
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-11082 CRITICAL Act Now

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudfoundry Uaa Cloudfoundry Uaa Release
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-15427 CRITICAL Act Now

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Video Surveillance Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-15389 CRITICAL Act Now

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15387 CRITICAL Act Now

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2018-15386 CRITICAL Act Now

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Digital Network Architecture Center
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-0448 CRITICAL Act Now

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Digital Network Architecture Center
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-0426 CRITICAL Act Now

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-0425 CRITICAL Act Now

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-0435 CRITICAL Act Now

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Umbrella
NVD
CVSS 3.0
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy