Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-3531 Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.
network
low complexity
cisco CWE-306
critical
9.8
2020-11-18 CVE-2020-3470 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.
network
low complexity
cisco CWE-20
critical
9.8
2020-11-18 CVE-2020-3419 Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Webex Meetings Server
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list.
network
low complexity
cisco CWE-913
critical
9.1
2020-11-17 CVE-2020-27131 Deserialization of Untrusted Data vulnerability in Cisco Security Manager
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
network
low complexity
cisco CWE-502
critical
9.8
2020-11-17 CVE-2020-27130 Unspecified vulnerability in Cisco Security Manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco
critical
9.1
2020-11-17 CVE-2020-27125 Improper Input Validation vulnerability in Cisco Security Manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system.
network
low complexity
cisco CWE-20
critical
9.8
2020-11-06 CVE-2020-3284 Unspecified vulnerability in Cisco products
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device.
network
low complexity
cisco
critical
9.8
2020-09-24 CVE-2020-3426 Improper Input Validation vulnerability in Cisco IOS
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
9.1
2020-09-23 CVE-2019-16028 Improper Authentication vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.
network
low complexity
cisco CWE-287
critical
9.8
2020-08-26 CVE-2020-3446 Use of Hard-coded Credentials vulnerability in Cisco products
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password.
network
low complexity
cisco CWE-798
critical
9.8