Vulnerabilities > Cisco > Encs 5400 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-20228 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input.
network
low complexity
cisco CWE-79
6.1
2021-05-06 CVE-2021-1397 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
network
low complexity
cisco
6.1
2019-05-13 CVE-2019-1649 Improper Locking vulnerability in Cisco products
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.
local
low complexity
cisco CWE-667
6.7