Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-31 | CVE-2020-3461 | Missing Authentication for Critical Function vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. | 5.0 |
| 2020-07-31 | CVE-2020-3460 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
| 2020-07-31 | CVE-2020-3386 | Incorrect Authorization vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. | 9.0 |
| 2020-07-31 | CVE-2020-3384 | Unspecified vulnerability in Cisco Data Center Network Manager A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. | 8.2 |
| 2020-07-31 | CVE-2020-3383 | Improper Input Validation vulnerability in Cisco Data Center Network Manager A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. | 8.8 |
| 2020-07-31 | CVE-2020-3382 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 10.0 |
| 2020-07-31 | CVE-2020-3377 | OS Command Injection vulnerability in Cisco Data Center Network Manager A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. | 8.8 |
| 2020-07-31 | CVE-2020-3376 | Missing Authentication for Critical Function vulnerability in Cisco Data Center Network Manager A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. | 9.8 |
| 2020-07-31 | CVE-2020-3375 | Improper Input Validation vulnerability in Cisco IOS XE Sd-Wan and Sd-Wan A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. | 10.0 |
| 2020-07-31 | CVE-2020-3374 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 9.0 |