Vulnerabilities > Cisco > High

DATE | CVE | VULNERABILITY TITLE | RISK

2022-05-04 | CVE-2022-20799 | OS Command Injection vulnerability in Cisco products | network, low complexity, cisco CWE-78, 7.2
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.

2022-05-04 | CVE-2022-20801 | OS Command Injection vulnerability in Cisco products | network, low complexity, cisco CWE-78, 7.2
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.

2022-05-03 | CVE-2022-20715 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense | network, low complexity, cisco CWE-20, 8.6
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

2022-05-03 | CVE-2022-20729 | XML Injection (aka Blind XPath Injection) vulnerability in Cisco Firepower Threat Defense | local, low complexity, cisco CWE-91, 7.8
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser.

2022-05-03 | CVE-2022-20730 | Unspecified vulnerability in Cisco Firepower Threat Defense | network, low complexity, cisco, 7.5
A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed.

2022-05-03 | CVE-2022-20737 | Out-of-bounds Write vulnerability in Cisco Adaptive Security Appliance Software | network, low complexity, cisco CWE-787, 7.1
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device.

2022-05-03 | CVE-2022-20742 | Unspecified vulnerability in Cisco Firepower Threat Defense | network, high complexity, cisco, 7.4
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel.

2022-05-03 | CVE-2022-20743 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Firepower Management Center | network, low complexity, cisco CWE-434, 8.8
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.

2022-05-03 | CVE-2022-20745 | Improper Input Validation vulnerability in Cisco Firepower Threat Defense | network, low complexity, cisco CWE-20, 7.5
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

2022-05-03 | CVE-2022-20746 | NULL Pointer Dereference vulnerability in Cisco Firepower Threat Defense | network, low complexity, cisco CWE-476, 7.5
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.