Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-20841 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
network
high complexity
cisco CWE-20
critical
9.0
2022-07-21 CVE-2022-20858 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
9.8
2022-07-21 CVE-2022-20857 Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.
network
low complexity
cisco CWE-306
critical
9.8
2022-06-15 CVE-2022-20825 Out-of-bounds Write vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
critical
9.8
2022-06-15 CVE-2022-20798 Improper Authentication vulnerability in Cisco products
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.
network
low complexity
cisco CWE-287
critical
9.8
2022-06-15 CVE-2022-20733 Unspecified vulnerability in Cisco Identity Services Engine 3.1
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.
network
low complexity
cisco
critical
9.8
2022-05-27 CVE-2022-20797 OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.
network
low complexity
cisco CWE-78
critical
9.1
2022-05-04 CVE-2022-20777 Unspecified vulnerability in Cisco Enterprise NFV Infrastructure Software
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM.
network
low complexity
cisco
critical
9.9
2022-04-15 CVE-2022-20695 Improper Authentication vulnerability in Cisco products
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm.
network
low complexity
cisco CWE-287
critical
10.0
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
9.8