Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-20020 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. | 8.6 |
| 2023-01-20 | CVE-2023-20025 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. | 9.8 |
| 2023-01-20 | CVE-2023-20026 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. | 7.2 |
| 2023-01-20 | CVE-2023-20037 | Cross-site Scripting vulnerability in Cisco Industrial Network Director A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. | 5.4 |
| 2023-01-20 | CVE-2023-20038 | Use of Hard-coded Credentials vulnerability in Cisco Industrial Network Director A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. | 8.8 |
| 2023-01-20 | CVE-2023-20040 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Network Services Orchestrator A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. | 5.5 |
| 2023-01-20 | CVE-2023-20043 | Incorrect Default Permissions vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 6.7 |
| 2023-01-20 | CVE-2023-20044 | Unspecified vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 7.3 |
| 2023-01-20 | CVE-2023-20045 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. | 7.2 |
| 2023-01-20 | CVE-2023-20047 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. | 6.5 |