Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-18 | CVE-2020-3531 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. | 10.0 |
| 2020-11-18 | CVE-2020-3482 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. | 6.4 |
| 2020-11-18 | CVE-2020-3471 | Improper Synchronization vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. | 6.5 |
| 2020-11-18 | CVE-2020-3470 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. | 9.8 |
| 2020-11-18 | CVE-2020-3441 | Unspecified vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. | 5.3 |
| 2020-11-18 | CVE-2020-3419 | Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. | 9.1 |
| 2020-11-18 | CVE-2020-3392 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.0 |
| 2020-11-18 | CVE-2020-3367 | OS Command Injection vulnerability in Cisco Asyncos A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 7.2 |
| 2020-11-18 | CVE-2020-27126 | Cross-site Scripting vulnerability in Cisco Webex Meetings 40.10.2 A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. | 6.1 |
| 2020-11-18 | CVE-2020-26081 | Injection vulnerability in Cisco IOT Field Network Director Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. | 4.3 |