Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-31488 | Unspecified vulnerability in Cisco products Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. | 9.8 |
| 2023-12-12 | CVE-2023-20275 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. | 4.3 |
| 2023-11-22 | CVE-2023-20084 | Unspecified vulnerability in Cisco Secure Endpoint and Secure Endpoint Private Cloud A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. | 4.4 |
| 2023-11-22 | CVE-2023-20240 | Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. | 5.5 |
| 2023-11-22 | CVE-2023-20241 | Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. | 5.5 |
| 2023-11-21 | CVE-2023-20208 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 3.0.0/3.1/3.2 A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device. | 4.8 |
| 2023-11-21 | CVE-2023-20265 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. | 5.4 |
| 2023-11-21 | CVE-2023-20272 | Unspecified vulnerability in Cisco Identity Services Engine 3.0.0/3.1 A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. | 8.8 |
| 2023-11-21 | CVE-2023-20274 | Unspecified vulnerability in Cisco Appdynamics A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. | 7.8 |
| 2023-11-01 | CVE-2023-20031 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. | 5.4 |