Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2022-20862 | Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.3 |
| 2022-06-24 | CVE-2022-20828 | Unspecified vulnerability in Cisco ASA Firepower 6.3.0/6.5.0/6.7.0 A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. | 7.2 |
| 2022-06-24 | CVE-2022-20829 | Insufficient Verification of Data Authenticity vulnerability in Cisco products A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. | 7.2 |
| 2022-06-22 | CVE-2022-20651 | Information Exposure Through Log Files vulnerability in Cisco Adaptive Security Device Manager A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. | 5.5 |
| 2022-06-20 | CVE-2022-31734 | Cross-site Scripting vulnerability in Cisco Ws-C2940-8Tf-S Firmware and Ws-C2940-8Tt-S Firmware Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. | 6.1 |
| 2022-06-15 | CVE-2022-20664 | Information Exposure vulnerability in Cisco Email Security Appliance A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. | 7.7 |
| 2022-06-15 | CVE-2022-20733 | Unspecified vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. | 9.8 |
| 2022-06-15 | CVE-2022-20736 | Missing Authorization vulnerability in Cisco Appdynamics Controller A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. | 5.3 |
| 2022-06-15 | CVE-2022-20798 | Improper Authentication vulnerability in Cisco products A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. | 9.8 |
| 2022-06-15 | CVE-2022-20817 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. | 7.4 |