cisco-sa-20180521-cpusidechannel
Cisco PSIRT2018-05-22
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity).
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0328
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-7333 | affected | Cisco | — | — |
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco Digital Network Architecture Center Unauthorized Access Vulnerability
CVEs:CVE-2018-0268
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-233151 | affected | Cisco | — | — |
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
CVEs:CVE-2018-0271
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-233151 | affected | Cisco | — | — |
Cisco Digital Network Architecture Center Static Credentials Vulnerability
CVEs:CVE-2018-0222
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-233151 | affected | Cisco | — | — |
Cisco Firepower Threat Defense Software Policy Bypass Vulnerability
CVEs:CVE-2018-0297
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-220203 | affected | Cisco | — | — |
Cisco IoT Field Network Director Cross-Site Request Forgery Vulnerability
CVEs:CVE-2018-0270
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227605 | affected | Cisco | — | — |
| CVRFPID-237479 | affected | Cisco | — | — |
| CVRFPID-237480 | affected | Cisco | — | — |
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0327
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability
CVEs:CVE-2018-0325
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-205455 | affected | Cisco | — | — |
| CVRFPID-211541 | affected | Cisco | — | — |
Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0289
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
CVEs:CVE-2018-0277
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-111903 | affected | Cisco | — | — |
Cisco Meeting Server Media Services Denial of Service Vulnerability
CVEs:CVE-2018-0280
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-217166 | affected | Cisco | — | — |
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
CVEs:CVE-2018-0279
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-235874 | affected | Cisco | — | — |
Cisco Enterprise NFV Infrastructure Software CLI Command Injection Vulnerability
CVEs:CVE-2018-0324
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-235874 | affected | Cisco | — | — |
Cisco Enterprise NFV Infrastructure Software Web Management Interface Path Traversal Vulnerability
CVEs:CVE-2018-0323
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-235874 | affected | Cisco | — | — |
Cisco SocialMiner Notification System Denial of Service Vulnerability
CVEs:CVE-2018-0290
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-194456 | affected | Cisco | — | — |
Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability
CVEs:CVE-2018-0326
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190445 | affected | Cisco | — | — |
| CVRFPID-210082 | affected | Cisco | — | — |
Cisco Secure Access Control System Remote Code Execution Vulnerability
CVEs:CVE-2018-0253
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-2074 | affected | Cisco | — | — |
Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability
CVEs:CVE-2018-0247
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190024 | affected | Cisco | — | — |
| CVRFPID-7368 | affected | Cisco | — | — |
Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability
CVEs:CVE-2018-0249
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190024 | affected | Cisco | — | — |
Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability
CVEs:CVE-2018-0226
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-230258 | affected | Cisco | — | — |
Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability
CVEs:CVE-2018-0250
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-190024 | affected | Cisco | — | — |
Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVEs:CVE-2018-0234
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-230258 | affected | Cisco | — | — |
Cisco Meeting Server Remote Code Execution Vulnerability
CVEs:CVE-2018-0262
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-217166 | affected | Cisco | — | — |
Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability
CVEs:CVE-2018-0283
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-205007 | affected | Cisco | — | — |
Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability
CVEs:CVE-2018-0278
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-212162 | affected | Cisco | — | — |
Cisco Firepower System Software Transport Layer Security Extensions Denial of Service Vulnerability
CVEs:CVE-2018-0281
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-205007 | affected | Cisco | — | — |
Cisco IOS XR Software netconf Denial of Service Vulnerability
CVEs:CVE-2018-0286
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-5834 | affected | Cisco | — | — |
Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability
CVEs:CVE-2018-0258
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-185359 | affected | Cisco | — | — |
| CVRFPID-190324 | affected | Cisco | — | — |
Cisco Prime Service Catalog User Interface Denial of Service Vulnerability
CVEs:CVE-2018-0285
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-202401 | affected | Cisco | — | — |
Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability
CVEs:CVE-2018-0264
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-100455 | affected | Cisco | — | — |
| CVRFPID-190702 | affected | Cisco | — | — |
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco WebEx Recording Format Player Information Disclosure Vulnerability
CVEs:CVE-2018-0288
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-228295 | affected | Cisco | — | — |
| CVRFPID-96064 | affected | Cisco | — | — |
Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
CVEs:CVE-2018-0287
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-100455 | affected | Cisco | — | — |
| CVRFPID-190702 | affected | Cisco | — | — |
| CVRFPID-228295 | affected | Cisco | — | — |
Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability
CVEs:CVE-2018-0245
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-7368 | affected | Cisco | — | — |
Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability
CVEs:CVE-2018-0252
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-230842 | affected | Cisco | — | — |
| CVRFPID-230843 | affected | Cisco | — | — |
| CVRFPID-234402 | affected | Cisco | — | — |
Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability
CVEs:CVE-2018-0235
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-230258 | affected | Cisco | — | — |
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.