Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-05 | CVE-2023-20021 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-03-23 | CVE-2023-20027 | Unspecified vulnerability in Cisco IOS XE A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2023-03-23 | CVE-2023-20029 | Unspecified vulnerability in Cisco IOS XE 17.7.1/17.8.1 A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. | 7.8 |
| 2023-03-23 | CVE-2023-20035 | Unspecified vulnerability in Cisco IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. | 7.8 |
| 2023-03-23 | CVE-2023-20055 | Unspecified vulnerability in Cisco DNA Center A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. | 8.8 |
| 2023-03-23 | CVE-2023-20056 | Unspecified vulnerability in Cisco products A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2023-03-23 | CVE-2023-20059 | Cleartext Storage of Sensitive Information vulnerability in Cisco DNA Center A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. | 6.5 |
| 2023-03-23 | CVE-2023-20065 | Unspecified vulnerability in Cisco IOS XE 17.11.1/17.6.3 A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. | 7.8 |
| 2023-03-23 | CVE-2023-20066 | Path Traversal vulnerability in Cisco IOS XE 16.12.3/17.3.2/17.6.2 A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. | 6.5 |
| 2023-03-23 | CVE-2023-20067 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOS XE A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |