Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-20851 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2022-09-30 | CVE-2022-20856 | Unspecified vulnerability in Cisco IOS XE 17.3.4C A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2022-09-30 | CVE-2022-20919 | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS XE 17.9.1 A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | 7.5 |
| 2022-09-08 | CVE-2022-20696 | Unspecified vulnerability in Cisco Sd-Wan Vmanage A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. low complexity cisco | 8.8 |
| 2022-08-25 | CVE-2022-20823 | Out-of-bounds Read vulnerability in Cisco products A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2022-08-25 | CVE-2022-20824 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2022-08-25 | CVE-2022-20921 | Unspecified vulnerability in Cisco ACI Multi-Site Orchestrator A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. | 8.8 |
| 2022-08-10 | CVE-2022-20866 | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. | 7.5 |
| 2022-08-10 | CVE-2022-20816 | Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. | 8.1 |
| 2022-07-22 | CVE-2022-20892 | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |