Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-14 | CVE-2020-3483 | Insufficiently Protected Credentials vulnerability in Cisco DUO Network Gateway 1.3.3/1.5.7 Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. | 6.3 |
| 2020-10-14 | CVE-2020-3427 | Unspecified vulnerability in Cisco DUO Authentication for Windows Logon and RDP The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. | 7.8 |
| 2020-10-08 | CVE-2020-3597 | Path Traversal vulnerability in Cisco Nexus Data Broker 3.9(0) A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. | 5.4 |
| 2020-10-08 | CVE-2020-3602 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3601 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3598 | Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. | 6.5 |
| 2020-10-08 | CVE-2020-3596 | Always-Incorrect Control Flow Implementation vulnerability in Cisco products A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-10-08 | CVE-2020-3589 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2020-10-08 | CVE-2020-3568 | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.8 |
| 2020-10-08 | CVE-2020-3567 | Improper Input Validation vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. | 6.5 |