Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-20801 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.
network
low complexity
cisco CWE-78
7.2
2022-05-03 CVE-2022-20715 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
8.6
2022-05-03 CVE-2022-20729 XML Injection (aka Blind XPath Injection) vulnerability in Cisco Firepower Threat Defense
A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser.
local
low complexity
cisco CWE-91
7.8
2022-05-03 CVE-2022-20730 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed.
network
low complexity
cisco
7.5
2022-05-03 CVE-2022-20737 Out-of-bounds Write vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device.
network
low complexity
cisco CWE-787
7.1
2022-05-03 CVE-2022-20742 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel.
network
high complexity
cisco
7.4
2022-05-03 CVE-2022-20743 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system.
network
low complexity
cisco CWE-434
8.8
2022-05-03 CVE-2022-20745 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2022-05-03 CVE-2022-20746 NULL Pointer Dereference vulnerability in Cisco Firepower Threat Defense
A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
network
low complexity
cisco CWE-476
7.5
2022-05-03 CVE-2022-20751 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Firepower Threat Defense
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-770
7.5