Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-20045 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input.
network
low complexity
cisco CWE-20
7.2
2022-12-12 CVE-2022-20689 Improper Validation of Specified Quantity in Input vulnerability in Cisco products
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages.
low complexity
cisco CWE-1284
8.8
2022-12-12 CVE-2022-20690 Improper Validation of Specified Quantity in Input vulnerability in Cisco products
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages.
low complexity
cisco CWE-1284
8.8
2022-12-12 CVE-2022-20968 Out-of-bounds Write vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.
low complexity
cisco CWE-787
8.8
2022-11-15 CVE-2022-20854 Improper Handling of Exceptional Conditions vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established.
network
low complexity
cisco CWE-755
7.5
2022-11-15 CVE-2022-20918 Improper Authentication vulnerability in Cisco products
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2).
network
low complexity
cisco CWE-287
7.5
2022-11-15 CVE-2022-20925 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
7.2
2022-11-15 CVE-2022-20926 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
8.8
2022-11-15 CVE-2022-20946 Out-of-bounds Write vulnerability in Cisco Firepower Threat Defense
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed.
network
low complexity
cisco CWE-787
7.5
2022-11-15 CVE-2022-20947 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module.
network
low complexity
cisco
7.5