Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-3250 | Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
| 2020-04-15 | CVE-2020-3248 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
| 2020-04-15 | CVE-2020-3247 | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
| 2020-04-15 | CVE-2020-3243 | Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
| 2020-04-15 | CVE-2020-3161 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 9.8 |
| 2020-02-19 | CVE-2020-3158 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. | 9.1 |
| 2020-02-05 | CVE-2013-2681 | Improper Authentication vulnerability in Cisco Linksys E4200 Firmware 1.0.05 Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. | 9.8 |
| 2020-01-26 | CVE-2019-16029 | Improper Input Validation vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0/6.3.0 A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. | 9.1 |
| 2020-01-07 | CVE-2013-5122 | Improper Authentication vulnerability in Cisco products Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | 9.8 |
| 2020-01-06 | CVE-2019-15976 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager 4.0 Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |