Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-18 | CVE-2020-3268 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. | 9.0 |
| 2020-06-18 | CVE-2020-3263 | Improper Input Validation vulnerability in Cisco Webex Meetings 33.6.6/39.5.11 A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. | 7.6 |
| 2020-06-18 | CVE-2020-3245 | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 7201910/7202001 A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.0 |
| 2020-06-18 | CVE-2020-3244 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.0 |
| 2020-06-18 | CVE-2020-3242 | Information Exposure vulnerability in Cisco UCS Director A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. | 4.0 |
| 2020-06-18 | CVE-2020-3241 | Path Traversal vulnerability in Cisco UCS Director A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. | 8.5 |
| 2020-06-18 | CVE-2020-3236 | Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. | 7.2 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-06-03 | CVE-2020-3353 | Race Condition vulnerability in Cisco Identity Services Engine 2.2.0.470/2.3.0.298/2.4.0.357 A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.9 |
| 2020-06-03 | CVE-2020-3339 | SQL Injection vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.4 |