Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-15 | CVE-2024-20369 | Open Redirect vulnerability in Cisco Network Services Orchestrator. A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. | 6.1 |
2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products. DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |
2024-04-24 | CVE-2024-20313 | Classic Buffer Overflow vulnerability in Cisco IOS XE. A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.4 |
2024-04-24 | CVE-2024-20358 | OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software. A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. | 6.7 |
2024-04-24 | CVE-2024-20353 | Infinite Loop vulnerability in Cisco Adaptive Security Appliance Software. A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. | 8.6 |
2024-04-24 | CVE-2024-20359 | Code Injection vulnerability in Cisco Adaptive Security Appliance Software. A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. | 6.0 |
2024-04-03 | CVE-2024-20334 | Cross-site Scripting vulnerability in Cisco Telepresence Management Suite 15.13.5/15.13.6. A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. | 5.4 |
2024-04-03 | CVE-2024-20347 | Unspecified vulnerability in Cisco Emergency Responder. A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. | 6.5 |
2024-03-06 | CVE-2024-20292 | Cleartext Storage of Sensitive Information vulnerability in Cisco DUO Authentication for Windows Logon and RDP. A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. | 5.5 |
2024-03-06 | CVE-2024-20301 | Insufficient Session Expiration vulnerability in Cisco DUO Authentication for Windows Logon and RDP 4.2.2. A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. | 6.2 |