Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-17 | CVE-2024-20270 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 5.4 |
| 2024-01-17 | CVE-2024-20272 | Unspecified vulnerability in Cisco Unity Connection A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. | 9.8 |
| 2024-01-17 | CVE-2024-20277 | Unspecified vulnerability in Cisco Thousandeyes Enterprise Agent A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. | 8.0 |
| 2024-01-17 | CVE-2024-20287 | Command Injection vulnerability in Cisco Wap371 Firmware A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. | 7.2 |
| 2024-01-10 | CVE-2023-31488 | Unspecified vulnerability in Cisco products Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. | 9.8 |
| 2023-12-12 | CVE-2023-20275 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. | 4.3 |
| 2023-11-22 | CVE-2023-20084 | Unspecified vulnerability in Cisco Secure Endpoint and Secure Endpoint Private Cloud A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. | 4.4 |
| 2023-11-22 | CVE-2023-20240 | Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. | 5.5 |
| 2023-11-22 | CVE-2023-20241 | Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. | 5.5 |
| 2023-11-21 | CVE-2023-20208 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 3.0.0/3.1/3.2 A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device. | 4.8 |