Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-20253 Unspecified vulnerability in Cisco products
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco
critical
10.0
2024-01-17 CVE-2024-20272 Unspecified vulnerability in Cisco Unity Connection
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system.
network
low complexity
cisco
critical
9.8
2024-01-10 CVE-2023-31488 Unspecified vulnerability in Cisco products
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.
network
low complexity
cisco
critical
9.8
2023-11-01 CVE-2023-20048 Incorrect Authorization vulnerability in Cisco Firepower Management Center
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
network
low complexity
cisco CWE-863
critical
9.9
2023-10-16 CVE-2023-20198 Unspecified vulnerability in Cisco IOS XE
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
network
low complexity
cisco
critical
10.0
2023-10-04 CVE-2023-20101 Use of Hard-coded Credentials vulnerability in Cisco Emergency Responder 12.5(1)Su4
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development.
network
low complexity
cisco CWE-798
critical
9.8
2023-09-27 CVE-2023-20186 Unspecified vulnerability in Cisco IOS
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks.
network
low complexity
cisco
critical
9.1
2023-09-27 CVE-2023-20252 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager 20.11.1.2/20.9.3.2
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs.
network
low complexity
cisco CWE-287
critical
9.8
2023-09-06 CVE-2023-20238 Unspecified vulnerability in Cisco products
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens.
network
low complexity
cisco
critical
9.8
2023-09-06 CVE-2023-20269 Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
network
low complexity
cisco CWE-863
critical
9.1