Vulnerabilities > Cisco > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-21 | CVE-2022-20857 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-07-21 | CVE-2022-20858 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-06-15 | CVE-2022-20733 | Unspecified vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. | 9.8 |
| 2022-06-15 | CVE-2022-20798 | Improper Authentication vulnerability in Cisco products A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. | 9.8 |
| 2022-06-15 | CVE-2022-20825 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 9.8 |
| 2022-05-27 | CVE-2022-20797 | OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. | 9.1 |
| 2022-05-04 | CVE-2022-20777 | Unspecified vulnerability in Cisco Enterprise NFV Infrastructure Software Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. | 9.9 |
| 2022-04-15 | CVE-2022-20695 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. | 10.0 |
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
| 2022-02-10 | CVE-2022-20699 | Improper Validation of Specified Quantity in Input vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 |