Multiple vulnerabilities have been discovered in Cisco products, including Cisco Prime, Cisco Webex, Cisco Digital Network Architecture Center, Cisco Expressway Series, Cisco TelePresence, Cisco Small Business 300 Series Managed Switches, Cisco Adaptive Security Appliance, Cisco Cloud Services Platform, Cisco Firepower, Cisco Hosted Collaboration Mediation Fulfillment, Cisco HyperFlex, Cisco Integrated Management Controller, Cisco UCS Director, Cisco Industrial Network Director, Cisco IOS XR, Cisco Identity Services Engine, Cisco Remote PHY, Cisco Unity, and Cisco SD-WAN.
Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.
- Cisco Adaptive Security Appliance
- Cisco Cloud Services Platform
- Cisco Digital Network Architecture Center
- Cisco Expressway Series
- Cisco Firepower
- Cisco Hosted Collaboration Mediation Fulfillment
- Cisco HyperFlex
- Cisco Identity Services Engine
- Cisco Industrial Network Director
- Cisco Integrated Management Controller
- Cisco IOS XR
- Cisco Prime Infrastructure
- Cisco Remote PHY
- Cisco SD-WAN
- Cisco Small Business 300 Series Managed Switches
- Cisco TelePresence
- Cisco UCS Director
- Cisco Unity
- Cisco Webex
Multiple vulnerabilities have been discovered in Cisco products including Apache Struts running on various Cisco products, Cisco SD-WAN Solution, Cisco Integrated Management Controller, Cisco Umbrella API, Cisco RV110W, RV130W, and RV215W Routers, Cisco Webex Meetings Suite (WBS31), Cisco Webex Meetings Suite (WBS32), Cisco Webex Meetings Suite (WBS33), Cisco Webex Meetings, Cisco Webex Meetings Server, Cisco Meeting Server, Cisco Umbrella ERC, Cisco Prime Access Registrar, Cisco Prime Access Registrar Jumpstart, Cisco Prime Collaboration Assurance, Cisco Packaged Contact Center Enterprise, Cisco Data Center Network Manager, Cisco Tetration Analytics, Cisco Network Services Orchestrator, Cisco Enterprise NFV Infrastructure, Cisco Email Security Appliance, Cisco Cloud Services Platform 2100, Cisco Secure Access Control Server.
Details of the most severe of these vulnerabilities are as follows:
- A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. (CVE-2018-15379)
- A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated remote attacker to bypass authentication and have direct unauthorized access to critical management functions. (CVE-2018-15386)
- A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated remote attacker to bypass authentication and take complete control of identity management functions. (CVE-2018-0448)
- A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. (CVE-2018-15389)
- Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. (CVE-2018-15408, CVE-2018-15409, CVE-2018-15410, CVE-2018-15411, CVE-2018-15412, CVE-2018-15413, CVE-2018-15415, CVE-2018-15416, CVE-2018-15417, CVE-2018-15418, CVE-2018-15419, CVE-2018-15420, CVE-2018-15431)
A full list of all vulnerabilities can be found at the link in the references section below.
Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
- Verify that no unauthorized system modifications have occurred on the system before applying the patch.
- After appropriate testing, immediately apply patches provided by Cisco.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Monitor intrusion detection systems for any signs of anomalous activity.
- Unless required, limit external network access to affected products.
Cisco (The full list is here):
https://tools.cisco.com/security/center/publicationListing.x?product=Cis...
CVEs (Most Severe):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15431