Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-20868 Use of Hard-coded Credentials vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system.
network
low complexity
cisco CWE-798
8.8
2022-11-04 CVE-2022-20956 Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device.
network
low complexity
cisco
8.8
2022-11-04 CVE-2022-20958 Server-Side Request Forgery (SSRF) vulnerability in Cisco Broadworks Commpilot Application
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-918
8.8
2022-11-04 CVE-2022-20960 Improper Certificate Validation vulnerability in Cisco Email Security Appliance
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device.
network
low complexity
cisco CWE-295
7.5
2022-11-04 CVE-2022-20961 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
8.8
2022-11-04 CVE-2022-20962 Path Traversal vulnerability in Cisco Identity Services Engine 3.1
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-22
8.8
2022-10-26 CVE-2022-20811 Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device.
network
low complexity
cisco CWE-22
7.2
2022-10-26 CVE-2022-20822 Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device.
network
low complexity
cisco CWE-20
8.1
2022-10-26 CVE-2022-20933 Unspecified vulnerability in Cisco products
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
8.6
2022-10-26 CVE-2022-20954 Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device.
local
low complexity
cisco CWE-22
7.1