Cisco Vulnerabilities

Each entry lists: DATE, CVE, VULNERABILITY TITLE, description, RISK.

2023-06-28 CVE-2023-20120 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
Risk: network, low complexity, cisco, CWE-79, 6.1

2023-06-28 CVE-2023-20136 Improper Privilege Management vulnerability in Cisco Secure Workload
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges.
Risk: network, low complexity, cisco, CWE-269, 6.5

2023-06-28 CVE-2023-20178 Incorrect Default Permissions vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.
Risk: local, low complexity, cisco, CWE-276, 7.8

2023-06-28 CVE-2023-20188 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
Risk: network, low complexity, cisco, CWE-79, 4.8

2023-06-28 CVE-2023-20192 Unspecified vulnerability in Cisco Telepresence Video Communication Server
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system.
Risk: network, low complexity, cisco, 7.7

2023-06-28 CVE-2023-20199 Unspecified vulnerability in Cisco DUO 2.0.1
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device.
Risk: low complexity, cisco, 6.6

2023-05-18 CVE-2023-20003 Missing Authentication for Critical Function vulnerability in Cisco products
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication.
Risk: low complexity, cisco, CWE-306, 8.8

2023-05-18 CVE-2023-20024 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
Risk: network, low complexity, cisco, CWE-120, 7.5

2023-05-18 CVE-2023-20077 Path Traversal vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
Risk: network, low complexity, cisco, CWE-22, 6.5

2023-05-18 CVE-2023-20087 Path Traversal vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
Risk: network, low complexity, cisco, CWE-22, 6.5