Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-06 | CVE-2022-20755 | Unspecified vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. | 7.2 |
2022-04-06 | CVE-2022-20756 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. | 7.5 |
2022-04-06 | CVE-2022-20762 | Unspecified vulnerability in Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure 2020.02.2.0/2020.02.7.0 A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. | 7.8 |
2022-04-06 | CVE-2022-20763 | Deserialization of Untrusted Data vulnerability in Cisco Webex Meetings Online Wbs42.2.11 A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. | 8.8 |
2022-04-06 | CVE-2022-20774 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. | 8.1 |
2022-04-06 | CVE-2022-20781 | Cross-site Scripting vulnerability in Cisco Asyncos A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. | 5.4 |
2022-04-06 | CVE-2022-20782 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. | 6.5 |
2022-04-06 | CVE-2022-20784 | Improper Input Validation vulnerability in Cisco web Security Appliance A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. | 5.3 |
2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
2022-02-23 | CVE-2022-20623 | Unspecified vulnerability in Cisco Nx-Os A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. | 7.5 |