Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-26 | CVE-2020-3165 | Use of Hard-coded Credentials vulnerability in Cisco Nx-Os A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. | 4.3 |
| 2020-02-19 | CVE-2020-3163 | Race Condition vulnerability in Cisco Unified Contact Center Enterprise A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.1 |
| 2020-02-19 | CVE-2020-3160 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. | 4.3 |
| 2020-02-19 | CVE-2020-3159 | Cross-site Scripting vulnerability in Cisco Finesse A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
| 2020-02-19 | CVE-2020-3158 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 7201910 A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. | 8.8 |
| 2020-02-19 | CVE-2020-3156 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.6.0/2.7 A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. | 6.1 |
| 2020-02-19 | CVE-2020-3154 | SQL Injection vulnerability in Cisco Cloud web Security 5.2(0) A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. | 4.0 |
| 2020-02-19 | CVE-2020-3153 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090 A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. | 4.9 |
| 2020-02-19 | CVE-2020-3138 | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure 3.11.1/3.5.1/3.5.2 A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. | 7.2 |
| 2020-02-19 | CVE-2020-3132 | Resource Exhaustion vulnerability in Cisco Cloud Email Security and Email Security Appliance A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. | 7.1 |