Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-20412 | Use of Hard-coded Credentials vulnerability in Cisco Firepower Threat Defense A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. | 8.4 |
| 2024-10-23 | CVE-2024-20415 | Cross-site Scripting vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 6.1 |
| 2024-10-23 | CVE-2024-20424 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. | 9.9 |
| 2024-10-23 | CVE-2024-20426 | Unspecified vulnerability in Cisco products A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. | 8.6 |
| 2024-10-23 | CVE-2024-20431 | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. | 5.8 |
| 2024-10-23 | CVE-2024-20471 | SQL Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. | 6.5 |
| 2024-10-23 | CVE-2024-20472 | SQL Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. | 6.5 |
| 2024-10-23 | CVE-2024-20473 | SQL Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validate user input adequately. | 6.5 |
| 2024-10-23 | CVE-2024-20474 | Integer Underflow (Wrap or Wraparound) vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. | 6.5 |
| 2024-10-23 | CVE-2024-20481 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco Firepower Threat Defense Software A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. | 5.8 |