Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2023-20097 | Command Injection vulnerability in Cisco products A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. | 6.7 |
| 2023-03-23 | CVE-2023-20100 | Unspecified vulnerability in Cisco IOS XE 17.10.1 A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 6.8 |
| 2023-03-23 | CVE-2023-20112 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2023-03-23 | CVE-2023-20113 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.1 |
| 2023-03-10 | CVE-2022-20929 | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. | 7.8 |
| 2023-03-09 | CVE-2023-20049 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. | 7.5 |
| 2023-03-09 | CVE-2023-20064 | Missing Authorization vulnerability in Cisco IOS XR A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. | 4.6 |
| 2023-03-03 | CVE-2023-20061 | Exposure of Resource to Wrong Sphere vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 6.5 |
| 2023-03-03 | CVE-2023-20062 | Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 4.3 |
| 2023-03-03 | CVE-2023-20069 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. | 5.4 |