cisco-sa-20170530-samba
Vulnerability in Samba Affecting Cisco Products: May 2017
CVEs:CVE-2017-7494
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 2 are already weaponised in the wild — see the Exploited section.
Cisco Firepower System Software URL Filtering Bypass Vulnerability
CVEs:CVE-2017-6674
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-205007 | affected | Cisco | — | — |
Cisco Policy Suite Privilege Escalation Vulnerability
CVEs:CVE-2017-6623
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-213864 | affected | Cisco | — | — |
Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability
CVEs:CVE-2017-6632
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-220205 | affected | Cisco | — | — |
| CVRFPID-220206 | affected | Cisco | — | — |
| CVRFPID-223029 | affected | Cisco | — | — |
| CVRFPID-223031 | affected | Cisco | — | — |
| CVRFPID-223033 | affected | Cisco | — | — |
| CVRFPID-225827 | affected | Cisco | — | — |
| CVRFPID-226358 | affected | Cisco | — | — |
| CVRFPID-226359 | affected | Cisco | — | — |
| CVRFPID-226360 | affected | Cisco | — | — |
| CVRFPID-227125 | affected | Cisco | — | — |
Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability
CVEs:CVE-2017-6634
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227129 | affected | Cisco | — | — |
Cisco Identity Services Engine GUI Denial of Service Vulnerability
CVEs:CVE-2017-6653
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco Nexus Series Switches CLI Command Injection Vulnerability
CVEs:CVE-2017-6649
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208640 | affected | Cisco | — | — |
| CVRFPID-208806 | affected | Cisco | — | — |
| CVRFPID-209820 | affected | Cisco | — | — |
| CVRFPID-220733 | affected | Cisco | — | — |
| CVRFPID-220734 | affected | Cisco | — | — |
| CVRFPID-224614 | affected | Cisco | — | — |
| CVRFPID-224615 | affected | Cisco | — | — |
Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability
CVEs:CVE-2017-6650
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208640 | affected | Cisco | — | — |
| CVRFPID-208806 | affected | Cisco | — | — |
| CVRFPID-209820 | affected | Cisco | — | — |
| CVRFPID-220733 | affected | Cisco | — | — |
| CVRFPID-220734 | affected | Cisco | — | — |
| CVRFPID-224614 | affected | Cisco | — | — |
| CVRFPID-224615 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
CVEs:CVE-2017-6622
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
CVEs:CVE-2017-6621
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
CVEs:CVE-2017-6635
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
CVEs:CVE-2017-6636
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
CVEs:CVE-2017-6637
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Remote Expert Manager Denial of Service Vulnerability
CVEs:CVE-2017-6641
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Information Disclosure Vulnerability
CVEs:CVE-2017-6642
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
CVEs:CVE-2017-6643
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Information Disclosure Vulnerability
CVEs:CVE-2017-6644
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Virtual Temporary Directory Information Disclosure Vulnerability
CVEs:CVE-2017-6645
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Order Information Disclosure Vulnerability
CVEs:CVE-2017-6646
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability
CVEs:CVE-2017-6647
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227169 | affected | Cisco | — | — |
Cisco IP Phone 8851 Session Initiation Protocol Denial of Service Vulnerability
CVEs:CVE-2017-6630
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-205455 | affected | Cisco | — | — |
Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
CVEs:CVE-2017-6652
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-210082 | affected | Cisco | — | — |
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CVEs:CVE-2017-6654
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability
CVEs:CVE-2017-6633
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-191638 | affected | Cisco | — | — |
Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
CVEs:CVE-2017-6657, CVE-2017-6658
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227421 | affected | Cisco | — | — |
Intel Active Management Technology Privilege Escalation Vulnerability
CVEs:CVE-2017-5689
Cisco WebEx Meetings Server Information Disclosure Vulnerability
CVEs:CVE-2017-6651
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190702 | affected | Cisco | — | — |
Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
CVEs:CVE-2017-3873
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190024 | affected | Cisco | — | — |
| CVRFPID-230258 | affected | Cisco | — | — |
Cisco CallManager Express Unauthorized Access Vulnerability
CVEs:CVE-2017-6624
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-2097 | affected | Cisco | — | — |
Cisco TelePresence ICMP Denial of Service Vulnerability
CVEs:CVE-2017-3825
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-192563 | affected | Cisco | — | — |
| CVRFPID-222445 | affected | Cisco | — | — |
Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
CVEs:CVE-2017-6629
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-73608 | affected | Cisco | — | — |
Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
CVEs:CVE-2017-3882
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-183630 | affected | Cisco | — | — |
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
CVEs:CVE-2017-6620
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-183630 | affected | Cisco | — | — |
Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
CVEs:CVE-2017-6626
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-7500 | affected | Cisco | — | — |
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
CVEs:CVE-2017-6625
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-212171 | affected | Cisco | — | — |
| CVRFPID-212172 | affected | Cisco | — | — |
| CVRFPID-216309 | affected | Cisco | — | — |
| CVRFPID-220205 | affected | Cisco | — | — |
| CVRFPID-220206 | affected | Cisco | — | — |
| CVRFPID-223033 | affected | Cisco | — | — |
| CVRFPID-224894 | affected | Cisco | — | — |
| CVRFPID-225378 | affected | Cisco | — | — |
| CVRFPID-225827 | affected | Cisco | — | — |
| CVRFPID-226358 | affected | Cisco | — | — |
| CVRFPID-226359 | affected | Cisco | — | — |
| CVRFPID-226360 | affected | Cisco | — | — |
| CVRFPID-226361 | affected | Cisco | — | — |
| CVRFPID-226362 | affected | Cisco | — | — |
Cisco IOS XR Software Denial of Service Vulnerability
CVEs:CVE-2017-3876
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-5834 | affected | Cisco | — | — |
Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability
CVEs:CVE-2017-6628
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-7367 | affected | Cisco | — | — |