Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2025-27091 | Heap-based Buffer Overflow vulnerability in Cisco Openh264 OpenH264 is a free license codec library which supports H.264 encoding and decoding. | 7.5 |
| 2025-02-05 | CVE-2025-20124 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | 7.2 |
| 2025-02-05 | CVE-2025-20125 | Improper Authorization vulnerability in Cisco Identity Services Engine A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. | 7.2 |
| 2024-11-06 | CVE-2024-20528 | Path Traversal vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. | 7.2 |
| 2024-10-23 | CVE-2024-20412 | Use of Hard-coded Credentials vulnerability in Cisco Firepower Threat Defense A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. | 8.4 |
| 2024-10-23 | CVE-2024-20426 | Unspecified vulnerability in Cisco products A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. | 8.6 |
| 2024-10-16 | CVE-2024-20420 | Unspecified vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. | 8.8 |
| 2024-10-16 | CVE-2024-20458 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. | 8.2 |
| 2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | 7.2 |
| 2024-10-16 | CVE-2024-20463 | Unspecified vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. | 7.1 |