Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-05-06 | CVE-2020-3178 | Open Redirect vulnerability in Cisco Content Security Management Appliance | Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
2020-05-06 | CVE-2020-3125 | Improper Authentication vulnerability in Cisco products | A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. | 9.8 |
2020-04-29 | CVE-2019-16011 | Improper Input Validation vulnerability in Cisco IOS XE | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
2020-04-15 | CVE-2020-3273 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products | A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). | 5.0 |
2020-04-15 | CVE-2020-3262 | Improper Input Validation vulnerability in Cisco products | A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
2020-04-15 | CVE-2020-3261 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products | A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 4.3 |
2020-04-15 | CVE-2020-3260 | Resource Exhaustion vulnerability in Cisco products | A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 3.3 |
2020-04-15 | CVE-2020-3252 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for Big Data | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 4.0 |
2020-04-15 | CVE-2020-3251 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for Big Data | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.0 |
2020-04-15 | CVE-2020-3250 | Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for Big Data | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 7.5 |