Vulnerabilities > Cisco > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-18 | CVE-2020-3531 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. | 9.8 |
2020-11-18 | CVE-2020-3470 | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. | 9.8 |
2020-11-18 | CVE-2020-3419 | Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. | 9.1 |
2020-11-17 | CVE-2020-27131 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |
2020-11-17 | CVE-2020-27130 | Unspecified vulnerability in Cisco Security Manager A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. | 9.1 |
2020-11-17 | CVE-2020-27125 | Improper Input Validation vulnerability in Cisco Security Manager A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 9.8 |
2020-11-06 | CVE-2020-3284 | Unspecified vulnerability in Cisco products A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. | 9.8 |
2020-09-24 | CVE-2020-3426 | Improper Input Validation vulnerability in Cisco IOS A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. | 9.1 |
2020-09-23 | CVE-2019-16028 | Improper Authentication vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
2020-08-26 | CVE-2020-3446 | Use of Hard-coded Credentials vulnerability in Cisco products A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. | 9.8 |