Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-03 | CVE-2023-20214 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage: A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. | 9.1 |
2023-08-03 | CVE-2023-20215 | Unspecified vulnerability in Cisco Asyncos: A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. | 5.3 |
2023-08-03 | CVE-2023-20216 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products: A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. | 7.8 |
2023-08-03 | CVE-2023-20218 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. | 6.1 |
2023-07-14 | CVE-2023-37464 | Unspecified vulnerability in Cisco Cjose: OpenIDC/cjose is a C library implementing the JavaScript Object Signing and Encryption (JOSE). | 7.5 |
2023-07-12 | CVE-2023-20185 | Inadequate Encryption Strength vulnerability in Cisco Nx-Os: A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. | 7.4 |
2023-07-12 | CVE-2023-20210 | Unspecified vulnerability in Cisco products: A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. | 6.0 |
2023-07-07 | CVE-2023-20133 | Cross-site Scripting vulnerability in Cisco Webex Meetings: A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. | 5.4 |
2023-07-07 | CVE-2023-20180 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings: A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. | 4.3 |
2023-06-28 | CVE-2023-20006 | Incorrect Conversion between Numeric Types vulnerability in Cisco products: A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. | 7.5 |