Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-20731 | Improper Initialization vulnerability in Cisco products Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. | 6.8 |
| 2022-04-15 | CVE-2022-20735 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2022-04-15 | CVE-2022-20739 | Improper Privilege Management vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |
| 2022-04-15 | CVE-2022-20747 | Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. | 6.5 |
| 2022-04-15 | CVE-2022-20758 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 6.8 |
| 2022-04-15 | CVE-2022-20761 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. | 6.5 |
| 2022-04-06 | CVE-2022-20665 | Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2022-04-06 | CVE-2022-20675 | Unspecified vulnerability in Cisco Asyncos A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. | 5.3 |
| 2022-04-06 | CVE-2022-20741 | Cross-site Scripting vulnerability in Cisco Secure Network Analytics A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
| 2022-04-06 | CVE-2022-20754 | Unspecified vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. | 7.2 |