Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-20238 Unspecified vulnerability in Cisco products
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens.
network
low complexity
cisco
critical
9.8
2023-09-06 CVE-2023-20269 Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
network
low complexity
cisco CWE-863
critical
9.1
2023-08-16 CVE-2023-20013 Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges.
network
low complexity
cisco CWE-77
critical
9.1
2023-08-16 CVE-2023-20017 Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges.
network
low complexity
cisco CWE-77
critical
9.1
2023-08-03 CVE-2023-20214 Improper Authentication vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature.
network
low complexity
cisco CWE-287
critical
9.1
2023-05-18 CVE-2023-20156 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20157 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20158 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20159 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20160 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8