Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-20115 | Unspecified vulnerability in Cisco Nx-Os A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. | 5.4 |
| 2023-08-23 | CVE-2023-20168 | Improper Input Validation vulnerability in Cisco Nx-Os 10.2(5)/9.3(11) A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. | 6.5 |
| 2023-08-23 | CVE-2023-20169 | Improper Input Validation vulnerability in Cisco Nx-Os 10.3(2) A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. | 7.4 |
| 2023-08-23 | CVE-2023-20200 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. | 6.3 |
| 2023-08-23 | CVE-2023-20230 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G) A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. | 5.4 |
| 2023-08-23 | CVE-2023-20234 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. | 6.0 |
| 2023-08-18 | CVE-2023-20212 | Unspecified vulnerability in Cisco Secure Endpoint and Secure Endpoint Private Cloud A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2023-08-16 | CVE-2023-20013 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20017 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20111 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. | 6.5 |