Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-20209 Command Injection vulnerability in Cisco Telepresence Video Communication Server 14.0/14.0.5/14.0.7
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-77
7.2
2023-08-04 CVE-2020-26064 XXE vulnerability in Cisco Catalyst Sd-Wan Manager
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files.
network
low complexity
cisco CWE-611
8.1
2023-08-03 CVE-2023-20216 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.
local
low complexity
cisco CWE-732
7.8
2023-07-14 CVE-2023-37464 Unspecified vulnerability in Cisco Cjose
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE).
network
low complexity
cisco
7.5
2023-07-12 CVE-2023-20185 Inadequate Encryption Strength vulnerability in Cisco Nx-Os
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches.
network
high complexity
cisco CWE-326
7.4
2023-06-28 CVE-2023-20006 Incorrect Conversion between Numeric Types vulnerability in Cisco products
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware.
network
low complexity
cisco CWE-681
7.5
2023-06-28 CVE-2023-20108 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Unified Communications Manager IM and Presence Service 12.5(1)/14Su
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input.
network
low complexity
cisco CWE-770
7.5
2023-06-28 CVE-2023-20178 Incorrect Default Permissions vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.
local
low complexity
cisco CWE-276
7.8
2023-06-28 CVE-2023-20192 Unspecified vulnerability in Cisco Telepresence Video Communication Server
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system.
network
low complexity
cisco
7.7
2023-05-18 CVE-2023-20003 Missing Authentication for Critical Function vulnerability in Cisco products
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication.
low complexity
cisco CWE-306
8.8