Vulnerabilities > Cisco > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-20398 OS Command Injection vulnerability in Cisco IOS XR
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.
local
low complexity
cisco CWE-78
7.8
2024-09-11 CVE-2024-20406 Unspecified vulnerability in Cisco IOS XR
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets.
low complexity
cisco
7.4
2024-09-11 CVE-2024-20483 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands.
network
low complexity
cisco CWE-78
7.2
2024-09-04 CVE-2024-20440 Information Exposure Through Log Files vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file.
network
low complexity
cisco CWE-532
7.5
2024-08-28 CVE-2024-20284 Unspecified vulnerability in Cisco Nx-Os 9.3(13)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input.
local
low complexity
cisco
8.8
2024-08-28 CVE-2024-20285 Unspecified vulnerability in Cisco Nx-Os 9.3(13)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input.
local
low complexity
cisco
8.8
2024-08-28 CVE-2024-20286 Unspecified vulnerability in Cisco Nx-Os 9.3(13)
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input.
local
low complexity
cisco
8.8
2024-08-07 CVE-2024-20451 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors.
network
low complexity
cisco
7.5
2024-05-22 CVE-2024-20360 SQL Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
8.8
2024-04-24 CVE-2024-20313 Classic Buffer Overflow vulnerability in Cisco IOS XE
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
low complexity
cisco CWE-120
7.4