Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-20024 | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. | 7.5 |
| 2023-05-18 | CVE-2023-20163 | OS Command Injection vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 7.2 |
| 2023-05-18 | CVE-2023-20164 | OS Command Injection vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 7.2 |
| 2023-05-18 | CVE-2023-20182 | Improper Input Validation vulnerability in Cisco DNA Center Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. | 8.8 |
| 2023-05-09 | CVE-2023-20046 | Insufficiently Protected Credentials vulnerability in Cisco Staros A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. | 8.8 |
| 2023-04-13 | CVE-2023-20118 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. | 7.2 |
| 2023-04-05 | CVE-2023-20102 | Deserialization of Untrusted Data vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. | 8.8 |
| 2023-04-05 | CVE-2023-20103 | Improper Input Validation vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1 A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. | 7.2 |
| 2023-04-05 | CVE-2023-20117 | OS Command Injection vulnerability in Cisco Rv320 Firmware and Rv325 Firmware Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. | 7.2 |
| 2023-04-05 | CVE-2023-20122 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. | 7.8 |