Vulnerabilities

CVE-2017-3821

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).

CVE-2017-3845

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0).

CVE-2017-3827

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233.

CVE-2017-3847

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1.

CVE-2017-3828

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).

CVE-2017-3829

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).

CVE-2017-3830

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2.

CVE-2017-2684

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

CVE-2017-3833

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).

CVE-2017-3835

Severity: Low
Publication date: 21/02/2017
Last modified: 21/02/2017
Description: A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).