Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-04 | CVE-2020-26065 | Path Traversal vulnerability in Cisco Catalyst Sd-Wan Manager: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. | 6.5 |
2023-08-04 | CVE-2020-26082 | Unspecified vulnerability in Cisco Asyncos: A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. | 5.3 |
2023-08-03 | CVE-2023-20181 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. | 6.1 |
2023-08-03 | CVE-2023-20204 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 5.4 |
2023-08-03 | CVE-2023-20214 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage: A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. | 9.1 |
2023-08-03 | CVE-2023-20215 | Unspecified vulnerability in Cisco Asyncos: A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. | 5.3 |
2023-08-03 | CVE-2023-20216 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products: A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. | 7.8 |
2023-08-03 | CVE-2023-20218 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. | 6.1 |
2023-07-14 | CVE-2023-37464 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cisco Cjose: OpenIDC/cjose is a C library implementing the JavaScript Object Signing and Encryption (JOSE). | 7.5 |
2023-07-12 | CVE-2023-20185 | Inadequate Encryption Strength vulnerability in Cisco Nx-Os: A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. | 7.4 |