Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-10 CVE-2022-20700 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
critical
9.8
2022-02-10 CVE-2022-20705 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
critical
9.8
2022-02-10 CVE-2022-20711 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
critical
9.8
2022-02-10 CVE-2022-20712 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
critical
9.8
2022-02-10 CVE-2022-20738 Unspecified vulnerability in Cisco Umbrella Secure web Gateway
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature.
network
low complexity
cisco
critical
9.8
2022-02-10 CVE-2022-20749 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-787
critical
9.8
2022-01-14 CVE-2022-20658 Incorrect Resource Transfer Between Spheres vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator.
network
low complexity
cisco CWE-669
critical
9.6
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-11-04 CVE-2021-34795 Insecure Default Initialization of Resource vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-1188
critical
9.8
2021-11-04 CVE-2021-40113 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.
network
low complexity
cisco CWE-78
critical
9.8