Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-20502 Resource Exhaustion vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions.
network
low complexity
cisco CWE-400
7.5
2024-10-02 CVE-2024-20509 Race Condition vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process.
network
high complexity
cisco CWE-362
5.9
2024-10-02 CVE-2024-20513 Authorization Bypass Through User-Controlled Key vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment.
network
low complexity
cisco CWE-639
5.3
2024-10-02 CVE-2024-20365 Command Injection vulnerability in Cisco Unified Computing System
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-77
7.2
2024-10-02 CVE-2024-20385 Improper Certificate Validation vulnerability in Cisco Nexus Dashboard Orchestrator
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.  This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered.
network
high complexity
cisco CWE-295
5.9
2024-10-02 CVE-2024-20393 Unspecified vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information.
network
low complexity
cisco
8.8
2024-10-02 CVE-2024-20432 Command Injection vulnerability in Cisco Nexus Dashboard Fabric Controller
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.   This vulnerability is due to improper user authorization and insufficient validation of command arguments.
network
low complexity
cisco CWE-77
8.8
2024-10-02 CVE-2024-20438 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints.
network
low complexity
cisco CWE-862
5.4
2024-10-02 CVE-2024-20441 Unspecified vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint.
network
low complexity
cisco
6.5
2024-10-02 CVE-2024-20442 Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints.
network
low complexity
cisco CWE-862
5.4