Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2020-3484 | Incorrect Default Permissions vulnerability in Cisco Vision Dynamic Signage Director 6.2(0) A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. | 5.3 |
| 2020-08-26 | CVE-2020-3466 | Cross-site Scripting vulnerability in Cisco DNA Center Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 4.3 |
| 2020-08-26 | CVE-2020-3446 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. | 7.5 |
| 2020-08-26 | CVE-2020-3443 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 8202004 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. | 8.8 |
| 2020-08-26 | CVE-2020-3440 | Path Traversal vulnerability in Cisco Webex Meetings A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. | 4.3 |
| 2020-08-26 | CVE-2020-3439 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 3.5 |
| 2020-08-26 | CVE-2020-3389 | Missing Encryption of Sensitive Data vulnerability in Cisco Hyperflex Hx-Series Software 4.0(2A) A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. | 2.1 |
| 2020-08-26 | CVE-2020-3152 | Incorrect Default Permissions vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. | 7.2 |
| 2020-08-26 | CVE-2020-3151 | Improper Authentication vulnerability in Cisco Connected Mobile Experiences 10.6.0/10.6.1/10.6.2 A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. | 3.6 |
| 2020-08-17 | CVE-2020-3502 | Improper Input Validation vulnerability in Cisco Webex Meetings and Webex Meetings Server Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. | 4.1 |