Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2022-06-22 CVE-2022-20651 Information Exposure Through Log Files vulnerability in Cisco Adaptive Security Device Manager
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.
local
low complexity
cisco CWE-532
2.1
2022-06-20 CVE-2022-31734 Cross-site Scripting vulnerability in Cisco Ws-C2940-8Tf-S Firmware and Ws-C2940-8Tt-S Firmware
** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc.
network
cisco CWE-79
4.3
2022-06-15 CVE-2022-20664 Information Exposure vulnerability in Cisco Email Security Appliance
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.
network
cisco CWE-200
3.5
2022-06-15 CVE-2022-20733 Improper Authentication vulnerability in Cisco Identity Services Engine 3.1
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.
network
low complexity
cisco CWE-287
5.0
2022-06-15 CVE-2022-20736 Missing Authorization vulnerability in Cisco Appdynamics Controller
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access.
network
low complexity
cisco CWE-862
5.0
2022-06-15 CVE-2022-20798 Improper Authentication vulnerability in Cisco products
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.
network
cisco CWE-287
6.8
2022-06-15 CVE-2022-20817 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.
network
high complexity
cisco CWE-338
4.0
2022-06-15 CVE-2022-20819 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
network
low complexity
cisco CWE-269
4.0
2022-06-15 CVE-2022-20825 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
10.0
2022-05-27 CVE-2022-20666 Cross-site Scripting vulnerability in Cisco Common Services Platform Collector
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
cisco CWE-79
4.3