Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2022-20964 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. | 8.8 |
| 2023-01-20 | CVE-2023-20007 | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
| 2023-01-20 | CVE-2023-20008 | Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. | 7.1 |
| 2023-01-20 | CVE-2023-20010 | SQL Injection vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. | 8.8 |
| 2023-01-20 | CVE-2023-20020 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. | 8.6 |
| 2023-01-20 | CVE-2023-20026 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. | 7.2 |
| 2023-01-20 | CVE-2023-20038 | Use of Hard-coded Credentials vulnerability in Cisco Industrial Network Director A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. | 8.8 |
| 2023-01-20 | CVE-2023-20044 | Unspecified vulnerability in Cisco CX Cloud Agent A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. | 7.3 |
| 2023-01-20 | CVE-2023-20045 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. | 7.2 |
| 2022-12-12 | CVE-2022-20689 | Improper Validation of Specified Quantity in Input vulnerability in Cisco products Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. | 8.8 |