Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-20405 | Cross-site Scripting vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. | 6.1 |
| 2024-05-22 | CVE-2024-20360 | SQL Injection vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.8 |
| 2024-04-24 | CVE-2024-20313 | Classic Buffer Overflow vulnerability in Cisco IOS XE A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.4 |
| 2024-04-24 | CVE-2024-20358 | OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. | 6.7 |
| 2024-04-24 | CVE-2024-20353 | Infinite Loop vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. | 8.6 |
| 2024-04-24 | CVE-2024-20359 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | 6.0 |
| 2024-02-29 | CVE-2024-20267 | Classic Buffer Overflow vulnerability in Cisco Nx-Os A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. | 8.6 |
| 2024-02-29 | CVE-2024-20321 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Nx-Os A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. | 8.6 |
| 2024-02-07 | CVE-2024-20252 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. | 8.8 |
| 2024-02-07 | CVE-2024-20254 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. | 8.8 |