Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-20184 | Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. | 4.3 |
| 2023-05-18 | CVE-2023-20189 | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. | 9.8 |
| 2023-05-09 | CVE-2023-20046 | Insufficiently Protected Credentials vulnerability in Cisco Staros A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. | 8.8 |
| 2023-05-09 | CVE-2023-20098 | Path Traversal vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. | 6.0 |
| 2023-05-04 | CVE-2023-20126 | Missing Authentication for Critical Function vulnerability in Cisco Spa112 Firmware 1.4.1 A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 9.8 |
| 2023-04-13 | CVE-2023-20118 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. | 7.2 |
| 2023-04-05 | CVE-2023-20096 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. | 5.4 |
| 2023-04-05 | CVE-2023-20102 | Deserialization of Untrusted Data vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. | 8.8 |
| 2023-04-05 | CVE-2023-20103 | Improper Input Validation vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1 A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. | 7.2 |
| 2023-04-05 | CVE-2023-20117 | OS Command Injection vulnerability in Cisco Rv320 Firmware and Rv325 Firmware Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 7.2 |