Page 3 of 14 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks. Una vulnerabilidad en Cisco Industrial Network Director podría permitir a un atacante remoto identificado dirigir ataques de tipo cross-site scripting (XSS) almacenados. • http://www.securityfocus.com/bid/108629 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Una vulnerabilidad en la función de actualización del software Industrial Network Director de Cisco, podría permitir a un atacante remoto identificado ejecutar código arbitrario. • http://www.securityfocus.com/bid/108622 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition. Una vulnerabilidad en el servicio DHCP de Cisco Industrial Network Director podría permitir que un atacante adyacente no autenticado provoque una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos • CWE-399: Resource Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). Una vulnerabilidad en la interfaz web de Cisco Industrial Network Director podría permitir que un atacante remoto no autenticado lleve a cabo un ataque cross-site scripting (XSS) contra un sistema afectado. Más información: CSCvd25405. • http://www.securityfocus.com/bid/98962 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •