[German]Cisco has released 22 Security Advisories about vulnerabilities in several of its products. A couple of these vulnerabilities are classified as critical, others as high.
All Security Advisories are published within Cisco-Security-Center. Here are the entries up to March 9, 2018.
Critical security issues
- Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability, CVE-2018-0124
- Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability; CVE-2018-0141
- Cisco Secure Access Control System Java Deserialization Vulnerability, CVE-2018-0147
High security issues
Medium security issues
- CPU Side-Channel Information Disclosure Vulnerabilities, CVE-2017-5715
- Cisco Videoscape AnyRes Live Cross-Site Scripting Vulnerability, CVE-2018-0220
- Cisco UCS Director Cross-Site Scripting Vulnerability, CVE-2018-0219
- Cisco StarOS CLI Command Injection Vulnerability, CVE-2018-0224
- Cisco StarOS CLI Command Injection Vulnerability, CVE-2018-0217
- Cisco Security Manager DesktopServlet Reflected Cross-Site Scripting Vulnerability, CVE-2018-0223
- Cisco Registered Envelope Service Cross-Site Scripting Vulnerability, CVE-2018-0208
- Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability, CVE-2018-0144
- Cisco Identity Services Engine Command Injection to Underlying Operating System Vulnerability, CVE-2018-0221
- Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability, CVE-2018-0216
- Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability, CVE-2018-0215
- Cisco Identity Services Engine Local Command Injection Vulnerability, CVE-2018-0214
- Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability, CVE-2018-0213
- Cisco Identity Services Engine Cross-Site Scripting Vulnerability, CVE-2018-0212
- Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability, CVE-2018-0211
- Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability, CVE-2018-0210
- Cisco Secure Access Control Server XML External Entity Injection Vulnerability, CVE-2018-0218
- Cisco Secure Access Control Server XML External Entity Injection Vulnerability, CVE-2018-0207
- Cisco 550X Series Stackable Managed Switches SNMP Denial of Service Vulnerability, CVE-2018-0209
- Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability, CVE-2017-3881
Further details may be obtained from the linked Security Advisories.
