Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2024-20267 Classic Buffer Overflow vulnerability in Cisco Nx-Os
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload.
network
low complexity
cisco CWE-120
8.6
2024-02-29 CVE-2024-20321 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Nx-Os
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue.
network
low complexity
cisco CWE-770
8.6
2024-02-07 CVE-2024-20252 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20254 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20255 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system.
network
low complexity
cisco CWE-352
7.1
2024-02-07 CVE-2024-20290 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read.
network
low complexity
cisco fedoraproject CWE-125
7.5
2024-01-26 CVE-2024-20253 Unspecified vulnerability in Cisco products
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco
critical
10.0
2024-01-26 CVE-2024-20263 Unspecified vulnerability in Cisco products
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device.
network
low complexity
cisco
7.2
2024-01-26 CVE-2024-20305 Cross-site Scripting vulnerability in Cisco Unity Connection
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2024-01-17 CVE-2023-20257 Cross-site Scripting vulnerability in Cisco Prime Infrastructure
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks.
network
low complexity
cisco CWE-79
4.8