Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-20956 | Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. | 8.8 |
| 2022-11-04 | CVE-2022-20958 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Broadworks Commpilot Application A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 8.8 |
| 2022-11-04 | CVE-2022-20960 | Improper Certificate Validation vulnerability in Cisco Email Security Appliance A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. | 7.5 |
| 2022-11-04 | CVE-2022-20961 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |
| 2022-11-04 | CVE-2022-20962 | Path Traversal vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. | 8.8 |
| 2022-11-04 | CVE-2022-20963 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. | 5.4 |
| 2022-11-04 | CVE-2022-20969 | Cross-site Scripting vulnerability in Cisco Umbrella 003.003(000) A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. | 5.4 |
| 2022-10-26 | CVE-2022-20776 | Path Traversal vulnerability in Cisco Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 6.7 |
| 2022-10-26 | CVE-2022-20811 | Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 7.2 |
| 2022-10-26 | CVE-2022-20822 | Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. | 8.1 |