Vulnerabilities > Cisco > Industrial Network Director
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-20037 | Cross-site Scripting vulnerability in Cisco Industrial Network Director A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. | 5.4 |
| 2023-01-20 | CVE-2023-20038 | Use of Hard-coded Credentials vulnerability in Cisco Industrial Network Director A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. | 8.8 |
| 2020-10-08 | CVE-2020-3567 | Improper Input Validation vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. | 6.5 |
| 2019-11-26 | CVE-2019-15973 | Cross-site Scripting vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. | 4.3 |
| 2019-09-05 | CVE-2019-1976 | Unspecified vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. | 5.0 |
| 2019-07-17 | CVE-2019-1940 | Improper Certificate Validation vulnerability in Cisco Industrial Network Director A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. | 4.3 |
| 2019-06-05 | CVE-2019-1882 | Cross-site Scripting vulnerability in Cisco Industrial Network Director 1.5(0.250) A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. | 3.5 |
| 2019-06-05 | CVE-2019-1881 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Industrial Network Director 1.5(0.250) A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2019-06-05 | CVE-2019-1861 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Industrial Network Director 1.1(0.176)/1.5(0.250) A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. | 9.0 |
| 2018-10-05 | CVE-2018-15392 | Unspecified vulnerability in Cisco Industrial Network Director A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. low complexity cisco | 3.3 |