Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-20854 Resource Exhaustion vulnerability in Cisco Firepower Management Center
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-400
7.5
2022-11-15 CVE-2022-20918 Improper Privilege Management vulnerability in Cisco products
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential.
network
low complexity
cisco CWE-269
7.5
2022-11-15 CVE-2022-20925 Command Injection vulnerability in Cisco Firepower Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
7.2
2022-11-15 CVE-2022-20926 Command Injection vulnerability in Cisco Firepower Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.
network
low complexity
cisco CWE-77
8.8
2022-11-15 CVE-2022-20946 Out-of-bounds Write vulnerability in Cisco Firepower Threat Defense
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-787
7.5
2022-11-15 CVE-2022-20947 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Adaptive Security Appliance
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
7.5
2022-11-04 CVE-2022-20868 Use of Hard-coded Credentials vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system.
network
low complexity
cisco CWE-798
8.8
2022-11-04 CVE-2022-20956 Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files.
network
low complexity
cisco
8.8
2022-11-04 CVE-2022-20958 Improper Input Validation vulnerability in Cisco Broadworks Commpilot Application
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.
network
low complexity
cisco CWE-20
8.8
2022-11-04 CVE-2022-20960 Improper Certificate Validation vulnerability in Cisco Email Security Appliance
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-295
7.5