Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-20017 Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges.
network
low complexity
cisco CWE-77
critical
9.1
2023-08-16 CVE-2023-20013 Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges.
network
low complexity
cisco CWE-77
critical
9.1
2023-08-03 CVE-2023-20214 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature.
network
low complexity
cisco CWE-287
critical
9.1
2023-05-18 CVE-2023-20189 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20162 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20161 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20160 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20159 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20158 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-18 CVE-2023-20157 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8